Password Hashing (bcrypt)

This example will show how to hash passwords using bcrypt. For this we have to go get the golang bcrypt library like so:

$ go get golang.org/x/crypto/bcrypt

From now on, every application we write will be able to make use of this library.

  1. // passwords.go
  2. package main
  4. import (
  5.     "fmt"
  7.     "golang.org/x/crypto/bcrypt"
  8. )
  10. func HashPassword(password string) (string, error) {
  11.     bytes, err := bcrypt.GenerateFromPassword([]byte(password), 14)
  12.     return string(bytes), err
  13. }
  15. func CheckPasswordHash(password, hash string) bool {
  16.     err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
  17.     return err == nil
  18. }
  20. func main() {
  21.     password := "secret"
  22.     hash, _ := HashPassword(password) // ignore error for the sake of simplicity
  24.     fmt.Println("Password:", password)
  25.     fmt.Println("Hash:    ", hash)
  27.     match := CheckPasswordHash(password, hash)
  28.     fmt.Println("Match:   ", match)
  29. }
  1. $ go run passwords.go
  2. Password: secret
  3. Hash:     $2a$14$ajq8Q7fbtFRQvXpdCq7Jcuy.Rx1h/L4J60Otx.gyNLbAYctGMJ9tK
  4. Match:    true