README
¶
Go - Argon
Go library for Argon2 password hashing, based on NIST SP 800-63B guidelines for password hashing.
This library provides a simple and secure wrapper around golang.org/x/crypto/argon2, supporting both Argon2id (default, recommended) and Argon2i modes with PHC string formatting.
Installation
go get github.com/fawwazid/go-argon
Usage
Simple Hashing (Default NIST Params)
This uses Argon2id with:
- Memory: 64 MB
- Iterations: 1
- Parallelism: min(4, number of CPUs)
- Salt: 16 bytes
- Key: 32 bytes
package main
import (
"fmt"
"log"
"github.com/fawwazid/go-argon"
)
func main() {
password := "my_secure_password"
// Hash the password
hash, err := argon.Hash(password)
if err != nil {
log.Fatal(err)
}
fmt.Println("Hash:", hash)
// Verify the password
match, err := argon.Verify(password, hash)
if err != nil {
log.Fatal(err)
}
if match {
fmt.Println("Password verified!")
} else {
fmt.Println("Invalid password.")
}
}
Custom Parameters
You can customize the parameters if you need stricter security or lower resource usage (e.g., for IoT devices).
params := &argon.Params{
Memory: 32 * 1024, // 32 MB
Iterations: 3,
Parallelism: 2,
SaltLength: 16,
KeyLength: 32,
Mode: argon.ModeArgon2id, // or argon.ModeArgon2i
}
hash, err := argon.HashWithParams("password", params)
Choosing Between Argon2id and Argon2i
- Argon2id (Default): Recommended by NIST. Hybrid mode that provides resistance to both GPU/ASIC attacks and side-channel attacks. Use this for general password hashing.
- Argon2i: Optimized for maximum resistance to side-channel attacks. Use this in environments where timing attacks are a primary concern.
// Using Argon2i explicitly
params := &argon.Params{
Memory: 64 * 1024,
Iterations: 1,
Parallelism: 4,
SaltLength: 16,
KeyLength: 32,
Mode: argon.ModeArgon2i,
}
hash, err := argon.HashWithParams("password", params)
Note: Argon2d is not supported as it is vulnerable to side-channel attacks and not recommended for password hashing by NIST.
Standards Compliance
This library follows NIST Special Publication 800-63B guidelines for Password Hashing:
- Algorithm: Supports Argon2id (default) and Argon2i (see Section 5.1.1.2). Argon2id is memory-hard and resistant to both GPU/ASIC attacks and side-channel attacks.
- Salt: Automatically generates a 16-byte cryptographically secure random salt (meets the 32-bit minimum, recommending 128-bit/16-byte).
- Work Factor: Defaults to 64 MB memory usage, satisfying the requirement for memory-hard functions to make offline attacks expensive.
- Mode Selection: Defaults to Argon2id. NIST recommends memory-hardened functions; Argon2id is the primary choice for this.
NIST SP 800-63B Section 5.1.1.2: "Verifiers SHALL store memorized secrets in a form that is resistant to offline attacks. Secrets SHALL be hashed with a salt value using a memory-hard function... The salt value SHALL be at least 32 bits in length... The key derivation function SHALL perform an iteration count to increase the work factor...".
License
This project is licensed under the MIT License - see the LICENSE file for details.
Documentation
¶
Index ¶
Constants ¶
const ( // ModeArgon2id is the default mode, recommended by NIST. ModeArgon2id = "argon2id" // ModeArgon2i is optimized to resist side-channel attacks. ModeArgon2i = "argon2i" )
const ( // DefaultMemory is the default memory (in kibibytes) used by the algorithm (64 MB). DefaultMemory = 64 * 1024 // DefaultIterations is the default number of passes over the memory. DefaultIterations = 1 // DefaultParallelism is the default number of threads (or lanes) used by the algorithm. DefaultParallelism = 4 // DefaultSaltLength is the default length of the random salt. DefaultSaltLength = 16 // DefaultKeyLength is the default length of the generated key. DefaultKeyLength = 32 )
Variables ¶
var ( // ErrInvalidHash is returned when the hash is not in the correct format. ErrInvalidHash = errors.New("argon: hash is not in the correct format") // ErrIncompatibleVersion is returned when the hash version is not supported. ErrIncompatibleVersion = errors.New("argon: incompatible version of argon2") // ErrUnsupportedMode is returned when the mode is not supported. ErrUnsupportedMode = errors.New("argon: unsupported argon2 mode") )
Functions ¶
func HashWithParams ¶
HashWithParams returns a matchable PHC string using the provided configuration.
Types ¶
type Params ¶
type Params struct {
// The amount of memory used by the algorithm (in kibibytes).
Memory uint32
// The number of passes over the memory.
Iterations uint32
// The number of threads (or lanes) used by the algorithm.
Parallelism uint8
// The length of the random salt. 16 bytes is recommended for password hashing.
SaltLength uint32
// The length of the generated key (or password hash). 32 bytes or more is recommended.
KeyLength uint32
// The mode of Argon2 to use (argon2id or argon2i).
Mode string
}
Params describes the input parameters used by the Argon2id algorithm. The params are set to satisfy NIST recommendations for password hashing.
func DefaultParams ¶
func DefaultParams() *Params
DefaultParams returns the parameters recommended for interactive logins according to NIST and OWASP guidelines (2024/2025).
Current defaults:
- Memory: 64 MB (64 * 1024)
- Iterations: 1
- Parallelism: up to 4 (uses runtime.NumCPU() if less than 4, but always capped at 4) This cap is intended to avoid excessive resource usage on high-core-count systems for typical authentication scenarios, and to provide consistent default behavior. Note: On systems with more than 4 CPUs, this may result in underutilization of available CPU cores. If higher parallelism is desired, set the Parallelism field manually.
- SaltLength: 16 bytes
- KeyLength: 32 bytes
- Mode: argon2id
Source Files