~eau/passwd

be38b055ba9238f99d34b064fc5bff69ddddcbf3 — eau 5 years ago 1dc247a
README update again.
1 files changed, 12 insertions(+), 15 deletions(-)

M README.md
M README.md => README.md +12 -15
@@ 38,7 38,7 @@ You can also decide to use your own *Argon2* or *Scrypt* custom parameters with 
How to Use the package
----------------------

## About Hashing Profiles
# About Hashing Profiles
It is an attempt to dimension crypto parameters to common use cases (interactive/web auth/blabla) vs file storage

- Default  : ~interactive.


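Review bot: the new `# About Hashing Profiles` heading follows directly after the setext heading `How to Use the package` / `----------------------`, which Markdown renders as level 2, so this subsection now outranks the section above it. Either keep it at `##` or lower, or convert the parent to `# How to Use the package` in the same commit so the outline stays consistent. While this paragraph is being touched, the placeholder `blabla` in `(interactive/web auth/blabla)` could be replaced with the actual use case it stands for.
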
@@ 56,10 56,7 @@ if no interoperability is needed (outside your authentication needs) and to make
attacker, you might "mask" your parameters (instead of embedding them in the resulting hash).
      




### Public parameters (common practice)
## Public parameters (common practice)

Public parameters will embbed the derivation parameters in the resulting hash.
This allows you to simply use the **`passwd.Compare()`** function against a hash without


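Review bot: in the first sentence under `## Public parameters (common practice)`, `embbed` should be `embed`. The line is unchanged context here, but since this commit is a README pass it is worth fixing in the same change.
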
@@ 67,7 64,7 @@ the need of a profile object.



### Masked parameters
## Masked parameters

Masked parameters will remove the derivation parameters from the resulting hash.
This requires you to **`passwd.NewMasked()`** before calling the profile **`Compare()`**


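Review bot: the sentence under `## Masked parameters` that begins `This requires you to` goes straight to `passwd.NewMasked()` and is missing its verb; it should read "requires you to call". Because the section says the derivation parameters are removed from the resulting hash, it would also help to state plainly that the same parameters must be supplied again at verification time, which is what the `NewMasked()` before `Compare()` requirement implies.
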
@@ 79,7 76,7 @@ with your key derivation in order to attack it offline.
**!!! IMPORTANT !!! This is NOT what makes your hash safe, it just makes it slightly harder to attack offline.**     


### Key'ed Hash 
## Key'ed Hash 


Key'd hashes makes it impossible to bruteforce (unless collision in hashes of course or the secret leaks), 


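Review bot: the heading `## Key'ed Hash ` and the sentence below it (`Key'd hashes makes it impossible to bruteforce`) spell the term two different ways, and the heading keeps a trailing space. Pick one spelling, drop the trailing whitespace, and fix the agreement ("hashes make"). The word "impossible" is qualified by the parenthesis that follows it, so a wording that names the condition directly (brute force requires the secret) would match what the sentence itself says.
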
@@ 91,8 88,8 @@ This requires you to **`<profile>.SetSecret()`** before call the **`Hash()`** or



## Examples 
### Password Hashing (public parameters):
# Examples 
## Password Hashing (public parameters):

create a password hashing object with *Argon2* default profile:   



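Review bot: the heading `## Password Hashing (public parameters):` keeps a trailing colon, and the example headings in the later hunks use ` :` with a space before it, while `## Masked parameters` and `# Changelog` have no colon at all. Since every heading in this commit is being re-leveled anyway, drop the colons for a consistent style. `# Examples ` also carries a trailing space.
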
@@ 110,7 107,7 @@ done, that's it, now **`hashed`** contain the hashed password:



### Password Compare (public parameters / bcrypt) :
## Password Compare (public parameters / bcrypt) :

check a hash against a password:   



@@ 122,7 119,7 @@ done, `err` will be nil if the password matches the hash.



### Password Hashing (**masked parameters**):
## Password Hashing (**masked parameters**):

create a password hashing profile:   



@@ 140,7 137,7 @@ masked.
**`$2id$ihFFCGUfBHTqUfvUIos6X.$AmClxc.3uj6LsxjVGqpOZggyqIL.wQJ9zjY23ztsETK`**    


### Password Compare (**masked parameters**) :
## Password Compare (**masked parameters**) :

check a hash against a password:  



@@ 165,7 162,7 @@ Note: small issue with git.sr.ht that prevents for now to go get subpackages ins
hopefully this helps understanding how to use this package.      


## Changelog
# Changelog

* v0.2.0: (MASTER BRANCH / NOT RELEASED/TAGGED THIS IS JUST MASTER).
	* added key'd hash ability (using sha3-256/384 instead sha1/sha256) based on facebook key'd hmac salt/hash using 


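Review bot: in the `v0.2.0` changelog entry, `instead sha1/sha256` is missing "of", and the keyed-hash design is attributed to `facebook key'd hmac salt/hash` without a link or reference. Add the source so readers can check the construction being followed. The all-caps `(MASTER BRANCH / NOT RELEASED/TAGGED THIS IS JUST MASTER)` marker would read more clearly as a short "unreleased" label.
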
@@ 189,7 186,7 @@ hopefully this helps understanding how to use this package.
* v0.1.0: initial release


## Important Notes
# Important Notes

bcrypt is just a wrapper to `x/crypto/bcrypt`, only scrypt and argon support masked parameters.



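Review bot: the restriction stated under `# Important Notes`, `only scrypt and argon support masked parameters`, is something a reader needs at the point where masking is introduced, and the visible part of the `## Masked parameters` section does not mention it. Consider repeating it there or linking to this note. `argon` should also be `Argon2` to match the name used in the Featuring list.
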
@@ 198,7 195,7 @@ using a modern profile to store new passwords.



## Featuring (because there is always a star in your production..)
# Featuring (because there is always a star in your production..)

* [Argon2](https://en.wikipedia.org/wiki/Argon2) for today key stretching.
* [Scrypt](http://en.wikipedia.org/wiki/Scrypt) for key stretching.
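Review bot: in the list under `# Featuring`, the Scrypt link uses `http://en.wikipedia.org/wiki/Scrypt` while the Argon2 link on the line above uses `https://`. Switch the Scrypt link to `https://` for consistency. `for today key stretching` should also read "for today's key stretching".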