simple-scrypt alternatives and similar packages
Based on the "Security" category.
Alternatively, view simple-scrypt alternatives based on common mentions on social networks and blogs.
-
Lean and Mean Docker containers
DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source) -
age
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability. -
-
-
CertMagic
Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal -
Cameradar
Cameradar hacks its way into RTSP videosurveillance cameras -
acmetool
:lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt) -
memguard
Secure software enclave for storage of sensitive information in memory. -
secure
HTTP middleware for Go that facilitates some quick security wins. -
Themis by Cossack Labs
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms. -
acra
Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL. -
ToRat
ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication -
-
BadActor
BadActor.org An in-memory application driven jailer written in Go -
firewalld-rest
A rest application to update firewalld rules on a linux server -
go-password-validator
Validate the Strength of a Password in Go -
passlib
:key: Idiotproof golang password validation library inspired by Python's passlib -
argon2pw
Argon2 password hashing package for go with constant time hash comparison -
dongle
A simple, semantic and developer-friendly golang package for encoding&decoding and encryption&decryption -
goSecretBoxPassword
A probably paranoid Golang utility library for securely hashing and encrypting passwords based on the Dropbox method. This implementation uses Blake2b, Scrypt and XSalsa20-Poly1305 (via NaCl SecretBox) to create secure password hashes that are also encrypted using a master passphrase. -
Credman
Simple and secure credential/password management with extra steps in Go! -
secureio
An easy-to-use XChaCha20-encryption wrapper for io.ReadWriteCloser (even lossy UDP) using ECDH key exchange algorithm, ED25519 signatures and Blake3+Poly1305 checksums/message-authentication for Go (golang). Also a multiplexer. -
goArgonPass
goArgonPass is a Argon2 Password utility package for Go using the crypto library package Argon2 designed to be compatible with Passlib for Python and Argon2 PHP. Argon2 was the winner of the most recent Password Hashing Competition. This is designed for use anywhere password hashing and verification might be needed and is intended to replace implementations using bcrypt or Scrypt. -
certificates
An opinionated helper for generating tls certificates -
argon2-hashing
A light package for generating and comparing password hashing with argon2 in Go -
sslmgr
A layer of abstraction the around acme/autocert certificate manager (Golang) -
Go random string generator
Flexible and customizable random string generator -
Interpol
Rule-based data generator for fuzzing and penetration testing.
Scout APM: A developer's best friend. Try free for 14-days
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.
Do you think we are missing an alternative of simple-scrypt or a related project?
|
Run Linux Software Faster and Safer than Linux with Unikernels
sponsored
github.com/nanovms
|
Popular Comparisons
-
simple-scryptvsThemis by Cossack Labs
-
simple-scryptvsACL
-
simple-scryptvslego
-
simple-scryptvsBadActor
-
simple-scryptvsgo-yara
|
SaaSHub - Software Alternatives and Reviews
sponsored
www.saashub.com
|
README
simple-scrypt
simple-scrypt provides a convenience wrapper around Go's existing scrypt package that makes it easier to securely derive strong keys ("hash user passwords"). This library allows you to:
- Generate a scrypt derived key with a crytographically secure salt and sane default parameters for N, r and p.
- Upgrade the parameters used to generate keys as hardware improves by storing them with the derived key (the scrypt spec. doesn't allow for this by default).
- Provide your own parameters (if you wish to).
The API closely mirrors Go's bcrypt library in an effort to make it easy to migrate—and because it's an easy to grok API.
Installation
With a working Go toolchain:
go get -u github.com/elithrar/simple-scrypt
Example
simple-scrypt doesn't try to re-invent the wheel or do anything "special". It
wraps the scrypt.Key function as thinly as possible, generates a
crytographically secure salt for you using Go's crypto/rand package, and
returns the derived key with the parameters prepended:
package main
import(
"fmt"
"log"
"github.com/elithrar/simple-scrypt"
)
func main() {
// e.g. r.PostFormValue("password")
passwordFromForm := "prew8fid9hick6c"
// Generates a derived key of the form "N$r$p$salt$dk" where N, r and p are defined as per
// Colin Percival's scrypt paper: http://www.tarsnap.com/scrypt/scrypt.pdf
// scrypt.Defaults (N=16384, r=8, p=1) makes it easy to provide these parameters, and
// (should you wish) provide your own values via the scrypt.Params type.
hash, err := scrypt.GenerateFromPassword([]byte(passwordFromForm), scrypt.DefaultParams)
if err != nil {
log.Fatal(err)
}
// Print the derived key with its parameters prepended.
fmt.Printf("%s\n", hash)
// Uses the parameters from the existing derived key. Return an error if they don't match.
err := scrypt.CompareHashAndPassword(hash, []byte(passwordFromForm))
if err != nil {
log.Fatal(err)
}
}
Upgrading Parameters
Upgrading derived keys from a set of parameters to a "stronger" set of parameters as hardware improves, or as you scale (and move your auth process to separate hardware), can be pretty useful. Here's how to do it with simple-scrypt:
func main() {
// SCENE: We've successfully authenticated a user, compared their submitted
// (cleartext) password against the derived key stored in our database, and
// now want to upgrade the parameters (more rounds, more parallelism) to
// reflect some shiny new hardware we just purchased. As the user is logging
// in, we can retrieve the parameters used to generate their key, and if
// they don't match our "new" parameters, we can re-generate the key while
// we still have the cleartext password in memory
// (e.g. before the HTTP request ends).
current, err := scrypt.Cost(hash)
if err != nil {
log.Fatal(err)
}
// Now to check them against our own Params struct (e.g. using reflect.DeepEquals)
// and determine whether we want to generate a new key with our "upgraded" parameters.
slower := scrypt.Params{
N: 32768,
R: 8,
P: 2,
SaltLen: 16,
DKLen: 32,
}
if !reflect.DeepEqual(current, slower) {
// Re-generate the key with the slower parameters
// here using scrypt.GenerateFromPassword
}
}
Automatically Determining Parameters
Thanks to the work by tgulacsi, you can have simple-scrypt automatically determine the optimal parameters for you (time vs. memory). You should run this once on program startup, as calibrating parameters can be an expensive operation.
var params scrypt.Params
func main() {
var err error
// 500ms, 64MB of RAM per hash.
params, err = scrypt.Calibrate(500*time.Millisecond, 64, Params{})
if err != nil {
return nil, err
}
...
}
func RegisterUserHandler(w http.ResponseWriter, r *http.Request) {
err := r.ParseForm()
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// Make sure you validate: not empty, not too long, etc.
email := r.PostFormValue("email")
pass := r.PostFormValue("password")
// Use our calibrated parameters
hash, err := scrypt.GenerateFromPassword([]byte(pass), params)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// Save to DB, etc.
}
Be aware that increasing these, whilst making it harder to brute-force the resulting hash, also increases the risk of a denial-of-service attack against your server. A surge in authenticate attempts (even if legitimate!) could consume all available resources.
License
MIT Licensed. See LICENSE file for details.
*Note that all licence references and agreements mentioned in the simple-scrypt README section above
are relevant to that project's source code only.