Unchained

Secure password hashers for Go compatible with Django Password Hashers.

Unchained can also be used to perform password validation against legacy or shared Django databases.

Install

Requires Go 1.9 or higher.

go get github.com/alexandrevicenzi/unchained

Supported Hashers

Hasher	Encode	Decode	Dependencies
Argon2	✔	✔	golang.org/x/crypto/argon2
BCrypt	✔	✔	golang.org/x/crypto/bcrypt
BCrypt SHA256	✔	✔	golang.org/x/crypto/bcrypt
Crypt	✘	✘
MD5	✔	✔
PBKDF2 SHA1	✔	✔	golang.org/x/crypto/pbkdf2
PBKDF2 SHA256	✔	✔	golang.org/x/crypto/pbkdf2
SHA1	✔	✔
Unsalted MD5	✔	✔
Unsalted SHA1	✔	✔

Notes

Crypt support is not planned because it's UNIX only.

BCrypt hasher does not allow to set custom salt as in Django. If you encode the same password multiple times you will get different hashes. This limitation comes from golang.org/x/crypto/bcrypt library.

Examples

Encode password

package main

import "github.com/alexandrevicenzi/unchained"

func main() {
    hash, err := unchained.MakePassword("my-password", unchained.GetRandomString(12), "default")

    if err == nil {
        fmt.Println(hash)
    } else {
        fmt.Printf("Error encoding password: %s\n", err)
    }
}

Validate password

package main

import "github.com/alexandrevicenzi/unchained"

func main() {
    valid, err := unchained.CheckPassword("admin", "pbkdf2_sha256$24000$JMO9TJawIXB1$5iz40fwwc+QW6lZY+TuNciua3YVMV3GXdgkhXrcvWag=")

    if valid {
        fmt.Println("Password is valid.")
    } else {
        if err == nil {
            fmt.Println("Password is invalid.")
        } else {
            fmt.Printf("Error decoding password: %s\n", err)
        }
    }
}

License

BSD

Reference

• Password management in Django
• Django Unchained

Related Links

• Django compatible signing for Go (django.core.signing)