DEV Community: Nesniv Ogem The latest articles on DEV Community by Nesniv Ogem (@nesniv). https://dev.to/nesniv https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2986771%2F79fc5b5e-a953-4cda-beb6-41b2e0e2da61.png DEV Community: Nesniv Ogem https://dev.to/nesniv en How to Implement Argon2 for Secure Password Hashing in Go Nesniv Ogem Tue, 03 Jun 2025 05:05:40 +0000 https://dev.to/nesniv/how-to-implement-argon2-for-secure-password-hashing-in-go-54ec https://dev.to/nesniv/how-to-implement-argon2-for-secure-password-hashing-in-go-54ec <h2> Table of Content </h2> <ul> <li> Understanding Argon2 <ul> <li>Major Benefits from Legacy Algorithms</li> <li>Argon2 Variants</li> </ul> </li> <li> Implementation Framework <ul> <li>Environment Setup</li> <li>Cryptographically Secure Salt</li> <li>Parameters Configuration</li> </ul> </li> <li> Production Implementation <ul> <li>Password Hashing Implementation</li> <li>Password Verification Implementation</li> <li>Testing the Implementation</li> <li>Validation Needed</li> </ul> </li> <li> Best Practices and Security Considerations <ul> <li><a href="">Guidelines for Security in Implementation</a></li> <li><a href="">Best Practices</a></li> </ul> </li> <li> Conclusion <ul> <li><a href="">Additional Resources</a></li> </ul> </li> </ul> <h2> Understanding Argon2 </h2> <p>Being the winner in the Password Hashing Competition (PHC) for its better resistance to current attack vectors, <code>Argon2</code> is the present gold standard for password hashing methods. Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich created it in reaction to the changing threat environment for password security. The algorithm tackles basic flaws found in outdated hashing algorithms using creative design concepts that give memory-hardness and resistance to specialized hardware attacks.</p> <p>This article provides best practices, security concerns, and practical implementations for implementing Argon2, especially in <strong>Go</strong> projects.</p> <h3> Major Benefits From Legacy Algorithms </h3> <p>Argon2 provides advancements above classical password hashing techniques like PBKDF2 and bcrypt:</p> <ul> <li><p><strong>Memory-Hardness</strong>: The main benefit of Argon2 is its high memory usage for hashing process. This trait makes large-scale attacks using specialized hardware (GPUs, ASICs) financially expensive since attackers have to supply considerable memory resources for parallel processing.</p></li> <li><p><strong>Customizable Settings</strong>: Depending on their particular infrastructure capabilities, the algorithm offers thorough control over security parameters, therefore enabling companies to balance security needs with performance limits.</p></li> <li><p><strong>Multi-Vector Attack Resistance</strong>: Argon2 is meant to resist several attack methods used by threat agents, including brute-force assaults, side-channel attacks, time-memory trade-offs, and more complex techniques.</p></li> </ul> <h3> Argon2 Variants </h3> <p>Argon2 comes in three different versions, each tailored for certain security needs:</p> <ul> <li><p><strong>Argon2d.</strong> Using data-dependent memory access designs, this variant optimized for maximum resistance against GPU-based attacks. This variant introduces computational dependencies that greatly prevent attempts at parallelization. But the data-dependent approach opens possible vulnerability to side-channel timing attacks. Best for controlled environment when side-channel attacks are not a concern (e.g: server password storage).</p></li> <li><p><strong>Argon2i.</strong> Using data-independent memory access designs, this variant put priority to avoid side-channel attack, but it is less resistant to GPU attack than Argon2d. This variant offers better defence against timing-based side-channel exploitations. Best for environment where possible attackers might see the hashing process (e.g: cryptocurrencies).</p></li> <li><p><strong>Argon2id.</strong> Hybrid method drawing on the best features of either version. First passes using <strong>Argon2i</strong> aim to avoid side-channel attacks; then change to <strong>Argon2d</strong> for improved GPU attack resistance. Most production environments are advised to use this variant as it offers balanced defense against many attack vectors.</p></li> </ul> <h2> Implementation Framework </h2> <h3> Environment Setup </h3> <p>For <code>Go</code>, the recommended approach is utilizes the official extended cryptography library:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go get golang.org/x/crypto/argon2 </code></pre> </div> <p>This library offers a strong, well managed implementation, following cryptographic best practices.</p> <h3> Cryptographically Secure Salt </h3> <p>A crucial security feature that has to be properly applied is salt generation. Every password has to use a distinct, cryptographically safe salt to avoid <a href="https://en.wikipedia.org/wiki/Rainbow_table" rel="noopener noreferrer">rainbow table attacks</a> and guarantee hash uniqueness even for same passwords.</p> <p><strong>Best Practices:</strong></p> <ul> <li><p>Choose cryptographically safe random number generators, as in <code>crypto/rand</code>.</p></li> <li><p>Apply 16-byte (128-bit) minimum salt length.</p></li> <li><p>Create distinct salts for every password process.</p></li> <li><p>Don't use pseudorandom generators inappropriate for cryptographic (e.g., <code>math/rand</code>).</p></li> </ul> <h3> Parameters Configuration </h3> <p>Appropriate parameters value are critical for a balance of optimal security and performance. Important parameters needs detailed attention are:</p> <ul> <li><p><strong>Hash Length</strong>: The output hash size in bytes. Longer hashes offer more resistance to collisions. Most applications should use 32 bytes (256 bits); standard implementations range from 16 to 64 bytes.</p></li> <li><p><strong>Memory Cost</strong>: The memory usage in KiB (1024-byte units). Higher values improve security but increase resource usage. Typical enterprise setups span 32 MiB (32,768 KiB) to 1 GiB (1,048,576 KiB).</p></li> <li><p><strong>Time Cost</strong>: The iteration count. More iterations improve security but increase processing time. Standard practice use 1 to 10 iterations.</p></li> <li><p><strong>Parallelism</strong> The concurrent thread usage. Should usually based on the CPU core count on hand. 1, 2, 4, or 8 threads are typical configurations.</p></li> </ul> <p><strong>Tips:</strong> Aim for 250–500 millisecond hashing timing to balance user experience factors with security needs.</p> <h2> Production Implementation </h2> <h3> Password Hashing Implementation </h3> <p>Argon2 typically follow the <a href="https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md" rel="noopener noreferrer">PHC String Format</a>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$argon2&lt;variant&gt;$v=&lt;version&gt;$m=&lt;memory&gt;,t=&lt;iterations&gt;,p=&lt;parallelism&gt;$&lt;salt&gt;$&lt;hash&gt; </code></pre> </div> <p>Example:<code>$argon2id$v=19$m=65536,t=3,p=4$G8NYSxrA+UMGHJbZVIXXXQ$UrHyBcYfCEms+92QVzGmfYqrWtH54WJY9FuROBQi/X8</code></p> <p><strong>Format Components</strong>:</p> <ul> <li><p><code>argon2id</code>: Algorithm variant identifier</p></li> <li><p><code>v=19</code>: Argon2 version</p></li> <li><p><code>m=65536,t=3,p=4</code>: Parameter encoding (memory, time, parallelism)</p></li> <li><p><code>G8NYSxrA+UMGHJbZVIXXXQ</code>: Base64-encoded salt</p></li> <li><p><code>UrHyBcYfCEms+92QVzGmfYqrWtH54WJY9FuROBQi/X8</code>: Base64-encoded hash<br> </p></li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"crypto/rand"</span> <span class="s">"encoding/base64"</span> <span class="s">"fmt"</span> <span class="s">"golang.org/x/crypto/argon2"</span> <span class="s">"log"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">Argon2Configuration</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">HashRaw</span> <span class="p">[]</span><span class="kt">byte</span> <span class="n">Salt</span> <span class="p">[]</span><span class="kt">byte</span> <span class="n">TimeCost</span> <span class="kt">uint32</span> <span class="n">MemoryCost</span> <span class="kt">uint32</span> <span class="n">Threads</span> <span class="kt">uint8</span> <span class="n">KeyLength</span> <span class="kt">uint32</span> <span class="p">}</span> <span class="k">func</span> <span class="n">generateCryptographicSalt</span><span class="p">(</span><span class="n">saltSize</span> <span class="kt">uint32</span><span class="p">)</span> <span class="p">([]</span><span class="kt">byte</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">salt</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="kt">byte</span><span class="p">,</span> <span class="n">saltSize</span><span class="p">)</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">rand</span><span class="o">.</span><span class="n">Read</span><span class="p">(</span><span class="n">salt</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"salt generation failed: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">salt</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">hashPasswordSecure</span><span class="p">(</span><span class="n">password</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">config</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">Argon2Configuration</span><span class="p">{</span> <span class="n">TimeCost</span><span class="o">:</span> <span class="m">2</span><span class="p">,</span> <span class="n">MemoryCost</span><span class="o">:</span> <span class="m">64</span> <span class="o">*</span> <span class="m">1024</span><span class="p">,</span> <span class="n">Threads</span><span class="o">:</span> <span class="m">4</span><span class="p">,</span> <span class="n">KeyLength</span><span class="o">:</span> <span class="m">32</span><span class="p">,</span> <span class="p">}</span> <span class="n">salt</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">generateCryptographicSalt</span><span class="p">(</span><span class="m">16</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"password hashing failed: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">config</span><span class="o">.</span><span class="n">Salt</span> <span class="o">=</span> <span class="n">salt</span> <span class="c">// Execute Argon2id hashing algorithm</span> <span class="n">config</span><span class="o">.</span><span class="n">HashRaw</span> <span class="o">=</span> <span class="n">argon2</span><span class="o">.</span><span class="n">IDKey</span><span class="p">(</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">password</span><span class="p">),</span> <span class="n">config</span><span class="o">.</span><span class="n">Salt</span><span class="p">,</span> <span class="n">config</span><span class="o">.</span><span class="n">TimeCost</span><span class="p">,</span> <span class="n">config</span><span class="o">.</span><span class="n">MemoryCost</span><span class="p">,</span> <span class="n">config</span><span class="o">.</span><span class="n">Threads</span><span class="p">,</span> <span class="n">config</span><span class="o">.</span><span class="n">KeyLength</span><span class="p">,</span> <span class="p">)</span> <span class="c">// Generate standardized hash format</span> <span class="n">encodedHash</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span> <span class="s">"$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s"</span><span class="p">,</span> <span class="n">argon2</span><span class="o">.</span><span class="n">Version</span><span class="p">,</span> <span class="n">config</span><span class="o">.</span><span class="n">MemoryCost</span><span class="p">,</span> <span class="n">config</span><span class="o">.</span><span class="n">TimeCost</span><span class="p">,</span> <span class="n">config</span><span class="o">.</span><span class="n">Threads</span><span class="p">,</span> <span class="n">base64</span><span class="o">.</span><span class="n">RawStdEncoding</span><span class="o">.</span><span class="n">EncodeToString</span><span class="p">(</span><span class="n">config</span><span class="o">.</span><span class="n">Salt</span><span class="p">),</span> <span class="n">base64</span><span class="o">.</span><span class="n">RawStdEncoding</span><span class="o">.</span><span class="n">EncodeToString</span><span class="p">(</span><span class="n">config</span><span class="o">.</span><span class="n">HashRaw</span><span class="p">),</span> <span class="p">)</span> <span class="k">return</span> <span class="n">encodedHash</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">hash</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">hashPasswordSecure</span><span class="p">(</span><span class="s">"enterprise_secure_password"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Secure hash generated:"</span><span class="p">,</span> <span class="n">hash</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h3> Password Verification Implementation </h3> <p>Password verification need to be well implementated to maintain security, while providing reliable authentication.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"crypto/subtle"</span> <span class="s">"encoding/base64"</span> <span class="s">"errors"</span> <span class="s">"fmt"</span> <span class="s">"golang.org/x/crypto/argon2"</span> <span class="s">"strings"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">parseArgon2Hash</span><span class="p">(</span><span class="n">encodedHash</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">Argon2Configuration</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">components</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">Split</span><span class="p">(</span><span class="n">encodedHash</span><span class="p">,</span> <span class="s">"$"</span><span class="p">)</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">components</span><span class="p">)</span> <span class="o">!=</span> <span class="m">6</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"invalid hash format structure"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Validate algorithm identifier</span> <span class="k">if</span> <span class="o">!</span><span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">components</span><span class="p">[</span><span class="m">1</span><span class="p">],</span> <span class="s">"argon2id"</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"unsupported algorithm variant"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Extract version information</span> <span class="k">var</span> <span class="n">version</span> <span class="kt">int</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sscanf</span><span class="p">(</span><span class="n">components</span><span class="p">[</span><span class="m">2</span><span class="p">],</span> <span class="s">"v=%d"</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">version</span><span class="p">)</span> <span class="c">// Parse configuration parameters</span> <span class="n">config</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">Argon2Configuration</span><span class="p">{}</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sscanf</span><span class="p">(</span><span class="n">components</span><span class="p">[</span><span class="m">3</span><span class="p">],</span> <span class="s">"m=%d,t=%d,p=%d"</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">config</span><span class="o">.</span><span class="n">MemoryCost</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">config</span><span class="o">.</span><span class="n">TimeCost</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">config</span><span class="o">.</span><span class="n">Threads</span><span class="p">)</span> <span class="c">// Decode salt component</span> <span class="n">salt</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">base64</span><span class="o">.</span><span class="n">RawStdEncoding</span><span class="o">.</span><span class="n">DecodeString</span><span class="p">(</span><span class="n">components</span><span class="p">[</span><span class="m">4</span><span class="p">])</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"salt decoding failed: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">config</span><span class="o">.</span><span class="n">Salt</span> <span class="o">=</span> <span class="n">salt</span> <span class="c">// Decode hash component</span> <span class="n">hash</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">base64</span><span class="o">.</span><span class="n">RawStdEncoding</span><span class="o">.</span><span class="n">DecodeString</span><span class="p">(</span><span class="n">components</span><span class="p">[</span><span class="m">5</span><span class="p">])</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"hash decoding failed: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">config</span><span class="o">.</span><span class="n">HashRaw</span> <span class="o">=</span> <span class="n">hash</span> <span class="n">config</span><span class="o">.</span><span class="n">KeyLength</span> <span class="o">=</span> <span class="kt">uint32</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">hash</span><span class="p">))</span> <span class="k">return</span> <span class="n">config</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">verifyPasswordSecure</span><span class="p">(</span><span class="n">storedHash</span><span class="p">,</span> <span class="n">providedPassword</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">bool</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Parse stored hash parameters</span> <span class="n">config</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">parseArgon2Hash</span><span class="p">(</span><span class="n">storedHash</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">false</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"hash parsing failed: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Generate hash using identical parameters</span> <span class="n">computedHash</span> <span class="o">:=</span> <span class="n">argon2</span><span class="o">.</span><span class="n">IDKey</span><span class="p">(</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">providedPassword</span><span class="p">),</span> <span class="n">config</span><span class="o">.</span><span class="n">Salt</span><span class="p">,</span> <span class="n">config</span><span class="o">.</span><span class="n">TimeCost</span><span class="p">,</span> <span class="n">config</span><span class="o">.</span><span class="n">MemoryCost</span><span class="p">,</span> <span class="n">config</span><span class="o">.</span><span class="n">Threads</span><span class="p">,</span> <span class="n">config</span><span class="o">.</span><span class="n">KeyLength</span><span class="p">,</span> <span class="p">)</span> <span class="c">// Perform constant-time comparison to prevent timing attacks</span> <span class="n">match</span> <span class="o">:=</span> <span class="n">subtle</span><span class="o">.</span><span class="n">ConstantTimeCompare</span><span class="p">(</span><span class="n">config</span><span class="o">.</span><span class="n">HashRaw</span><span class="p">,</span> <span class="n">computedHash</span><span class="p">)</span> <span class="o">==</span> <span class="m">1</span> <span class="k">return</span> <span class="n">match</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">authenticateUser</span><span class="p">(</span><span class="n">storedHash</span><span class="p">,</span> <span class="n">password</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">isValid</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">verifyPasswordSecure</span><span class="p">(</span><span class="n">storedHash</span><span class="p">,</span> <span class="n">password</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"authentication process failed: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="o">!</span><span class="n">isValid</span> <span class="p">{</span> <span class="k">return</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"authentication credentials invalid"</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h3> Testing the Implementation </h3> <p>Validation of cryptographic implementations depends on thorough testing.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main_test</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"bytes"</span> <span class="s">"testing"</span> <span class="s">"golang.org/x/crypto/argon2"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">TestArgon2Consistency</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="n">password</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="s">"enterprise_test_password"</span><span class="p">)</span> <span class="n">salt</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="s">"standardized_salt_value"</span><span class="p">)</span> <span class="c">// Standard parameters</span> <span class="n">timeCost</span> <span class="o">:=</span> <span class="kt">uint32</span><span class="p">(</span><span class="m">3</span><span class="p">)</span> <span class="n">memoryCost</span> <span class="o">:=</span> <span class="kt">uint32</span><span class="p">(</span><span class="m">64</span> <span class="o">*</span> <span class="m">1024</span><span class="p">)</span> <span class="n">threads</span> <span class="o">:=</span> <span class="kt">uint8</span><span class="p">(</span><span class="m">4</span><span class="p">)</span> <span class="n">keyLength</span> <span class="o">:=</span> <span class="kt">uint32</span><span class="p">(</span><span class="m">32</span><span class="p">)</span> <span class="c">// Generate multiple hashes with identical parameters</span> <span class="n">hash1</span> <span class="o">:=</span> <span class="n">argon2</span><span class="o">.</span><span class="n">IDKey</span><span class="p">(</span><span class="n">password</span><span class="p">,</span> <span class="n">salt</span><span class="p">,</span> <span class="n">timeCost</span><span class="p">,</span> <span class="n">memoryCost</span><span class="p">,</span> <span class="n">threads</span><span class="p">,</span> <span class="n">keyLength</span><span class="p">)</span> <span class="n">hash2</span> <span class="o">:=</span> <span class="n">argon2</span><span class="o">.</span><span class="n">IDKey</span><span class="p">(</span><span class="n">password</span><span class="p">,</span> <span class="n">salt</span><span class="p">,</span> <span class="n">timeCost</span><span class="p">,</span> <span class="n">memoryCost</span><span class="p">,</span> <span class="n">threads</span><span class="p">,</span> <span class="n">keyLength</span><span class="p">)</span> <span class="c">// Verify consistency</span> <span class="k">if</span> <span class="o">!</span><span class="n">bytes</span><span class="o">.</span><span class="n">Equal</span><span class="p">(</span><span class="n">hash1</span><span class="p">,</span> <span class="n">hash2</span><span class="p">)</span> <span class="p">{</span> <span class="n">t</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="s">"Identical inputs produced inconsistent hashes"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Verify uniqueness for different inputs</span> <span class="n">differentPassword</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="s">"alternative_test_password"</span><span class="p">)</span> <span class="n">hash3</span> <span class="o">:=</span> <span class="n">argon2</span><span class="o">.</span><span class="n">IDKey</span><span class="p">(</span><span class="n">differentPassword</span><span class="p">,</span> <span class="n">salt</span><span class="p">,</span> <span class="n">timeCost</span><span class="p">,</span> <span class="n">memoryCost</span><span class="p">,</span> <span class="n">threads</span><span class="p">,</span> <span class="n">keyLength</span><span class="p">)</span> <span class="k">if</span> <span class="n">bytes</span><span class="o">.</span><span class="n">Equal</span><span class="p">(</span><span class="n">hash1</span><span class="p">,</span> <span class="n">hash3</span><span class="p">)</span> <span class="p">{</span> <span class="n">t</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="s">"Different passwords produced identical hashes"</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">TestArgon2EdgeCases</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="n">salt</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="s">"edge_case_testing_salt"</span><span class="p">)</span> <span class="n">timeCost</span> <span class="o">:=</span> <span class="kt">uint32</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="n">memoryCost</span> <span class="o">:=</span> <span class="kt">uint32</span><span class="p">(</span><span class="m">32</span> <span class="o">*</span> <span class="m">1024</span><span class="p">)</span> <span class="n">threads</span> <span class="o">:=</span> <span class="kt">uint8</span><span class="p">(</span><span class="m">2</span><span class="p">)</span> <span class="n">keyLength</span> <span class="o">:=</span> <span class="kt">uint32</span><span class="p">(</span><span class="m">32</span><span class="p">)</span> <span class="c">// Test empty password handling</span> <span class="n">emptyPassword</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="s">""</span><span class="p">)</span> <span class="n">hash</span> <span class="o">:=</span> <span class="n">argon2</span><span class="o">.</span><span class="n">IDKey</span><span class="p">(</span><span class="n">emptyPassword</span><span class="p">,</span> <span class="n">salt</span><span class="p">,</span> <span class="n">timeCost</span><span class="p">,</span> <span class="n">memoryCost</span><span class="p">,</span> <span class="n">threads</span><span class="p">,</span> <span class="n">keyLength</span><span class="p">)</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">hash</span><span class="p">)</span> <span class="o">!=</span> <span class="kt">int</span><span class="p">(</span><span class="n">keyLength</span><span class="p">)</span> <span class="p">{</span> <span class="n">t</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="s">"Empty password handling failed"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Test extended and special characters handling</span> <span class="n">extendedPassword</span> <span class="o">:=</span> <span class="nb">append</span><span class="p">(</span><span class="n">bytes</span><span class="o">.</span><span class="n">Repeat</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="s">"x"</span><span class="p">),</span> <span class="m">1000</span><span class="p">),</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="s">"🙂🙃"</span><span class="p">)</span><span class="o">...</span><span class="p">)</span> <span class="n">hash</span> <span class="o">=</span> <span class="n">argon2</span><span class="o">.</span><span class="n">IDKey</span><span class="p">(</span><span class="n">extendedPassword</span><span class="p">,</span> <span class="n">salt</span><span class="p">,</span> <span class="n">timeCost</span><span class="p">,</span> <span class="n">memoryCost</span><span class="p">,</span> <span class="n">threads</span><span class="p">,</span> <span class="n">keyLength</span><span class="p">)</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">hash</span><span class="p">)</span> <span class="o">!=</span> <span class="kt">int</span><span class="p">(</span><span class="n">keyLength</span><span class="p">)</span> <span class="p">{</span> <span class="n">t</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="s">"Extended password handling failed"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Verify parameter sensitivity</span> <span class="n">baseHash</span> <span class="o">:=</span> <span class="n">argon2</span><span class="o">.</span><span class="n">IDKey</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="s">"test_password"</span><span class="p">),</span> <span class="n">salt</span><span class="p">,</span> <span class="n">timeCost</span><span class="p">,</span> <span class="n">memoryCost</span><span class="p">,</span> <span class="n">threads</span><span class="p">,</span> <span class="n">keyLength</span><span class="p">)</span> <span class="n">modifiedHash</span> <span class="o">:=</span> <span class="n">argon2</span><span class="o">.</span><span class="n">IDKey</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="s">"test_password"</span><span class="p">),</span> <span class="n">salt</span><span class="p">,</span> <span class="n">timeCost</span><span class="o">+</span><span class="m">1</span><span class="p">,</span> <span class="n">memoryCost</span><span class="o">+</span><span class="m">1</span><span class="p">,</span> <span class="n">threads</span><span class="o">+</span><span class="m">1</span><span class="p">,</span> <span class="n">keyLength</span><span class="p">)</span> <span class="k">if</span> <span class="n">bytes</span><span class="o">.</span><span class="n">Equal</span><span class="p">(</span><span class="n">baseHash</span><span class="p">,</span> <span class="n">modifiedHash</span><span class="p">)</span> <span class="p">{</span> <span class="n">t</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="s">"Parameter modification did not affect hash output"</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Validation Needed</strong></p> <ul> <li><p><strong>Consistency Testing</strong>. Check that the same inputs yield consistent results throughout several runs. Validate that various inputs produce different hash values.</p></li> <li><p><strong>Parameter Sensitivity</strong>. Guarantee that changes in parameters produce distinct hash outputs.</p></li> <li><p><strong>Edge Case Handling</strong>. Test limits with special character sets, maximum-length passwords, and zero passwords.</p></li> <li><p><strong>Standard Compliance</strong>. Validate against Argon2 official test vectors to guarantee specification compliance.</p></li> </ul> <h2> Best Practices and Security Considerations </h2> <p><strong>Error Handling.</strong> Maintaining security also need to do correct error handling and gives suitable system feedback. Present generic authentication failure message e.g: <code>Login Failed</code> to users, it will help to avoid information leak. But log detailed technical errors for further issue analysis.</p> <p><strong>Use the encoded hash format.</strong> Avoid storing the parameters separately. The encoded hash string contains all needed data for password verification.</p> <p><strong>Benchmark on production hardware.</strong> Performance tuning has to be done in your real production setting. Parameters that work well on development computers might be unsuitable or ineffective in production.</p> <p><strong>Periodically parameter revision.</strong> Memory and time expenses should be modified as computing capability grows. When handling password verification is a good chance to modifie your hash parameters. You can simply re-hash the valid plain passwords with the new parameters.</p> <p><strong>Limit a sensible maximum password length.</strong> Unlike 72 bytes limit on bcrypt, Argon2 practically allows unlimited length of input. But permitting very long passwords could leave the system open to denial-of-service attacks. It's best to limit the password to a sensible length, usually 64 to 128 characters.</p> <p><strong>Utilize reliable libraries.</strong> Instead of implementing Argon2 by your own from scratch, depend on well-known, highly vetted libraries.</p> <p><strong>Test your implementation.</strong> Test against recognized input-output pairs to guarantee the robustness of your setup. Verify that invalid credentials are consistently rejected and that valid ones are authenticated properly. You can compare your implementation with available <a href="https://onlinecodingtools.com/cryptography/argon2-generator/" rel="noopener noreferrer">online generator or validator tools.</a></p> <h2> Conclusion </h2> <p>Providing strong defense against modern assault techniques, Argon2 is the current state-of-the-art in password hashing technology. Good execution calls for close focus on parameter configuration, coded language, and continuous security upkeep.</p> <p>Argon2 should be used by companies giving top priority thorough testing, constant parameter review, and compliance with known cryptographic best practices. Good implementation investments offer substantial security advantages and show dedication to safeguarding user credentials against changing threat environments.</p> <h3> Additional Resources </h3> <ul> <li><p><a href="https://github.com/P-H-C/phc-winner-argon2" rel="noopener noreferrer">Official Argon2 Repository</a></p></li> <li><p><a href="https://www.cryptolux.org/images/0/0d/Argon2.pdf" rel="noopener noreferrer">Argon2 Cryptographic Specification</a></p></li> <li><p><a href="https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html" rel="noopener noreferrer">OWASP Password Storage Guidelines</a></p></li> </ul> go programming cryptography password [Boost] Nesniv Ogem Tue, 22 Apr 2025 11:38:40 +0000 https://dev.to/nesniv/-2491 https://dev.to/nesniv/-2491 <div class="ltag__link--embedded"> <div class="crayons-story "> <a href="https://dev.to/nesniv/understanding-bcrypts-work-factor-and-choosing-the-right-value-103m" class="crayons-story__hidden-navigation-link">Understanding Bcrypt's Work Factor and Choosing the Right Value</a> <div class="crayons-story__body crayons-story__body-full_post"> <div class="crayons-story__top"> <div class="crayons-story__meta"> <div class="crayons-story__author-pic"> <a href="/nesniv" class="crayons-avatar crayons-avatar--l "> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2986771%2F79fc5b5e-a953-4cda-beb6-41b2e0e2da61.png" alt="nesniv profile" class="crayons-avatar__image"> </a> </div> <div> <div> <a href="/nesniv" class="crayons-story__secondary fw-medium m:hidden"> Nesniv Ogem </a> <div class="profile-preview-card relative mb-4 s:mb-0 fw-medium hidden m:inline-block"> Nesniv Ogem <div id="story-author-preview-content-2382971" class="profile-preview-card__content crayons-dropdown branded-7 p-4 pt-0"> <div class="gap-4 grid"> <div class="-mt-4"> <a href="/nesniv" class="flex"> <span class="crayons-avatar crayons-avatar--xl mr-2 shrink-0"> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2986771%2F79fc5b5e-a953-4cda-beb6-41b2e0e2da61.png" class="crayons-avatar__image" alt=""> </span> <span class="crayons-link crayons-subtitle-2 mt-5">Nesniv Ogem</span> </a> </div> <div class="print-hidden"> Follow </div> <div class="author-preview-metadata-container"></div> </div> </div> </div> </div> <a href="https://dev.to/nesniv/understanding-bcrypts-work-factor-and-choosing-the-right-value-103m" class="crayons-story__tertiary fs-xs"><time>Apr 5 '25</time><span class="time-ago-indicator-initial-placeholder"></span></a> </div> </div> </div> <div class="crayons-story__indention"> <h2 class="crayons-story__title crayons-story__title-full_post"> <a href="https://dev.to/nesniv/understanding-bcrypts-work-factor-and-choosing-the-right-value-103m" id="article-link-2382971"> Understanding Bcrypt's Work Factor and Choosing the Right Value </a> </h2> <div class="crayons-story__tags"> <a class="crayons-tag crayons-tag--monochrome " href="/t/programming"><span class="crayons-tag__prefix">#</span>programming</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/security"><span class="crayons-tag__prefix">#</span>security</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/webdev"><span class="crayons-tag__prefix">#</span>webdev</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/go"><span class="crayons-tag__prefix">#</span>go</a> </div> <div class="crayons-story__bottom"> <div class="crayons-story__details"> <a href="https://dev.to/nesniv/understanding-bcrypts-work-factor-and-choosing-the-right-value-103m" class="crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon-left"> <div class="multiple_reactions_aggregate"> <span class="multiple_reactions_icons_container"> <span class="crayons_icon_container"> <img src="https://assets.dev.to/assets/fire-f60e7a582391810302117f987b22a8ef04a2fe0df7e3258a5f49332df1cec71e.svg" width="18" height="18"> </span> <span class="crayons_icon_container"> <img src="https://assets.dev.to/assets/sparkle-heart-5f9bee3767e18deb1bb725290cb151c25234768a0e9a2bd39370c382d02920cf.svg" width="18" height="18"> </span> </span> <span class="aggregate_reactions_counter">5<span class="hidden s:inline"> reactions</span></span> </div> </a> <a href="https://dev.to/nesniv/understanding-bcrypts-work-factor-and-choosing-the-right-value-103m#comments" class="crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon-left flex items-center"> Comments <span class="hidden s:inline">Add Comment</span> </a> </div> <div class="crayons-story__save"> <small class="crayons-story__tertiary fs-xs mr-2"> 5 min read </small> <span class="bm-initial"> </span> <span class="bm-success"> </span> </div> </div> </div> </div> </div> </div> programming security webdev go Understanding Bcrypt's Work Factor and Choosing the Right Value Nesniv Ogem Sat, 05 Apr 2025 16:39:18 +0000 https://dev.to/nesniv/understanding-bcrypts-work-factor-and-choosing-the-right-value-103m https://dev.to/nesniv/understanding-bcrypts-work-factor-and-choosing-the-right-value-103m <h2> <strong>My Thought on Bcrypt &amp; Why Work Factor Matters</strong> </h2> <p>If you ever work with passwords in coding either for work or for fun, you probably know the #1 rule: <strong>never</strong> store them as plain text! I’ve always seen bcrypt as the go-to for password hashing. Developers seem to love it. But let’s be honest, a lot of us just copy-paste some code from the Stack Overflow without really thinking about what’s going on under the hood. And in doing so, we often skip an important detail: the <strong>work factor</strong>. </p> <h4> <strong>What so special about bcrypt?</strong> </h4> <p>Bcrypt not just another hashing function, it has two key features that make it stand out: </p> <ul> <li> <strong>Automatic salt</strong>. Every time you hash a password, it generates and use a unique salt. This basically shuts the door on rainbow table attacks. </li> <li> <strong>Adaptive hashing (a.k.a. slowing things down on purpose)</strong>. You can tweak a parameter called the <strong>work factor</strong>, which makes hashing take longer time and more computation power. This is actually a good thing! It means brute-force attacks become much harder and way more expensive. </li> </ul> <p>At first, I thought the work factor was just some random number you set once and forget. Nope. Turns out, it’s crucial for keeping passwords secure, and you <strong>need</strong> to adjust it as computers get faster.</p> <h4> <strong>Why Work Factor Matters</strong> </h4> <p>Hardware technology move fast, and what was "secure" ten years ago might be considered weak today. Here’s a rough timeline: </p> <ul> <li> <strong>2010:</strong> Work factor <strong>10</strong> was considered solid. </li> <li> <strong>2025:</strong> Security pros suggest bumping it up to <strong>12 or 14</strong>. </li> <li> <strong>Future:</strong> We might need <strong>15+</strong> as hardware keeps improving. </li> </ul> <p>Basically, if your work factor is too low, bcrypt won’t be as effective. And if it’s too high, well… your users might start thinking your app is broken. </p> <h4> <strong>What I want to share</strong> </h4> <ul> <li>What the work factor actually <strong>does</strong>.</li> <li>How to pick the right number for <strong>your</strong> project.</li> <li>Some tricks to keep your passwords safe <strong>without</strong> making your project slow.</li> </ul> <p>So whether you’re just starting with bcrypt or fixing an old project, getting the work factor right is what takes your password security from <strong>“eh, good enough”</strong> to <strong>“actually solid”</strong>.</p> <h2> <strong>So, What is Work Factor?</strong> </h2> <p>Basically, work factor (also called cost or rounds) is a parameter that controls how much computation being done to hash a password. More computation means more secure, but also more processing time and resource.</p> <p><strong>It grows exponentially</strong>, every time the work factor increased by 1, the hashing takes around twice as long. Under the hood Bcrypt repurposes the Blowfish cipher by using an expensive key setup mechanism, where the password is used during the key schedule. This work factor parameter controls the number of key setup iterations as 2^work_factor. This process is CPU intensive, unlike memory intensive algorithms like Argon2.</p> <p>So what does it mean in practice? Because a small increase can make hashing time jump exponentially, you can adjust this parameter based on your security requirement, or today hardware capability, making it harder to be brute forced regardless of advancement in hardware capability.</p> <p>A quick benchmark with <code>Go</code> in <code>MacBook Air Apple M2</code> to show how hashing time doubles on each increase of the work factor:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"time"</span> <span class="s">"golang.org/x/crypto/bcrypt"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">benchmarkBcrypt</span><span class="p">(</span><span class="n">workFactor</span> <span class="kt">int</span><span class="p">)</span> <span class="p">{</span> <span class="n">start</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span> <span class="n">password</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="s">"mySecurePassword123"</span><span class="p">)</span> <span class="n">hash</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">bcrypt</span><span class="o">.</span><span class="n">GenerateFromPassword</span><span class="p">(</span><span class="n">password</span><span class="p">,</span> <span class="n">workFactor</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"Work factor %d: %v (Hash: %s...)</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">workFactor</span><span class="p">,</span> <span class="n">time</span><span class="o">.</span><span class="n">Since</span><span class="p">(</span><span class="n">start</span><span class="p">),</span> <span class="kt">string</span><span class="p">(</span><span class="n">hash</span><span class="p">)[</span><span class="o">:</span><span class="m">20</span><span class="p">])</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="k">for</span> <span class="n">workFactor</span> <span class="o">:=</span> <span class="m">8</span><span class="p">;</span> <span class="n">workFactor</span> <span class="o">&lt;=</span> <span class="m">18</span><span class="p">;</span> <span class="n">workFactor</span><span class="o">++</span> <span class="p">{</span> <span class="n">benchmarkBcrypt</span><span class="p">(</span><span class="n">workFactor</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Work factor 8: 17.70425ms (Hash: $2a$08$E.o7Tqw8T07rh...) Work factor 9: 36.118125ms (Hash: $2a$09$JIS9lqNj47THu...) Work factor 10: 72.501958ms (Hash: $2a$10$axDX0ijlIs3p....) Work factor 11: 143.923834ms (Hash: $2a$11$m2KDuQl30gz6I...) Work factor 12: 284.81625ms (Hash: $2a$12$n.fKAp6jHNJWw...) Work factor 13: 573.204375ms (Hash: $2a$13$AQIMEUfJvtrQB...) Work factor 14: 1.151081s (Hash: $2a$14$EewXxPOg0JPnl...) Work factor 15: 2.300344583s (Hash: $2a$15$TAtTjpNYsTO0V...) Work factor 16: 4.658600542s (Hash: $2a$16$luaozYqMW1kME...) Work factor 17: 9.3284315s (Hash: $2a$17$U.OuLzA1HwqhQ...) Work factor 18: 18.565636625s (Hash: $2a$18$h8rxVyo2fUK2W...) </code></pre> </div> <p><strong><em>NOTE:</em></strong> The computation time is nearly identical for both generating and comparing/verifying the hash.</p> <p>If you’re using bcrypt, you need to check in on your work factor every few years. As computers get stronger, what’s "secure" today might be considered tomorrow.</p> <h2> <strong>What Work Factor Should I Use?</strong> </h2> <p>Bcrypt still relevant because it’s <strong>slow on purpose</strong>, but how slow is too slow? <br> As always the answer is "it depends". What kind of app are you building? How strong is the hardware? How much patience do your users have? </p> <p>In general, it's recommended to determine it by the amount of time password verification will take on your server, then calculate the value of work factor based upon that. You want verification to take as long as you can stand.</p> <p>In general, it's <a href="https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#using-work-factors" rel="noopener noreferrer">recommended to keep it under 1 second</a>:</p> <ul> <li> <strong>Too Low (≤10)</strong>: Easy pickings for modern GPUs and cloud brute-force attacks. </li> <li> <strong>Sweet Spot (12-14)</strong>: Good mix of security and speed (~250ms–1s per hash). </li> <li> <strong>Too High (≥16)</strong>: Feels like your app is crawling, and your server might cry. </li> </ul> <p><strong>Rough guide</strong> based on project type on this article written(2025):</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Application Type</th> <th>Minimum Value</th> <th>Notes</th> </tr> </thead> <tbody> <tr> <td><strong>Development/Testing</strong></td> <td>10</td> <td>Fast, but <strong>not recommended</strong> for production!</td> </tr> <tr> <td><strong>General Web Apps</strong></td> <td>12</td> <td>Secure enough without slowing things down (300-500ms)</td> </tr> <tr> <td><strong>Financial/Healthcare</strong></td> <td>13-14</td> <td>Stronger protection, but adds ~1-2s per login</td> </tr> <tr> <td><strong>Password Managers</strong></td> <td>14+</td> <td>Hardcore security for stored passwords</td> </tr> </tbody> </table></div> <p><strong>Things to consider:</strong> </p> <ul> <li> <strong>Will users notice?</strong> Most won’t care if login takes 1 second. (They’ll survive.) </li> <li> <strong>Can your servers handle it?</strong> Higher work factors mean <strong>higher CPU load</strong>. </li> </ul> <h2> <strong>Future-Proofing Your Password Hashing</strong> </h2> <p>One key advantage of having a work factor is that it can be increased over time as hardware becomes more powerful and cheaper. Common approach to upgrading the work factor is to <strong>gradually upgrade hashes</strong> until the next user authenticates, then re-hash their password with the new work factor. Depending on the requirement, it might be needed to force logout the users e.g: invalidate their session cookie or rolling your JWT secrets, to trigger the authentication flow.</p> <p><strong>Keep it adjustable</strong>. It's better to not hardcode your work factor, instead, store it in your configuration system.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">Authenticate</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">email</span><span class="p">,</span> <span class="n">password</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">bool</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">user</span> <span class="o">:=</span> <span class="n">db</span><span class="o">.</span><span class="n">GetUserByEmail</span><span class="p">(</span><span class="n">email</span><span class="p">)</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">bcrypt</span><span class="o">.</span><span class="n">CompareHashAndPassword</span><span class="p">(</span><span class="n">user</span><span class="o">.</span><span class="n">PasswordHash</span><span class="p">,</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">password</span><span class="p">))</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">false</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">currentCost</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">bcrypt</span><span class="o">.</span><span class="n">Cost</span><span class="p">(</span><span class="n">user</span><span class="o">.</span><span class="n">PasswordHash</span><span class="p">)</span> <span class="k">if</span> <span class="n">currentCost</span> <span class="o">&lt;</span> <span class="n">config</span><span class="o">.</span><span class="n">MinWorkFactor</span> <span class="p">{</span> <span class="n">newHash</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">bcrypt</span><span class="o">.</span><span class="n">GenerateFromPassword</span><span class="p">(</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">password</span><span class="p">),</span> <span class="n">config</span><span class="o">.</span><span class="n">MinWorkFactor</span><span class="p">)</span> <span class="n">db</span><span class="o">.</span><span class="n">UpdateUserPassword</span><span class="p">(</span><span class="n">user</span><span class="o">.</span><span class="n">ID</span><span class="p">,</span> <span class="n">newHash</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="no">true</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p><strong>Benefits</strong>:<br><br> ✔ No user interruption<br> ✔ Self-healing system over time<br> ✔ Distributed computational load</p> <h2> <strong>Key Takeaways for Implementers</strong> </h2> <ul> <li>Each +1 <strong>doubles</strong> hashing time and brute-force resistance. <strong>12 is the new minimum</strong> in 2025. </li> <li>Migration is inevitable. Hardware advances <strong>require periodic work factor bumps</strong>. Rolling rehashes beat mass password resets.</li> <li> <strong>Context Matters</strong>. Financial apps need <strong>14+</strong> while IoT may cap at <strong>8-10</strong>. Monitor and adjust based on <strong>your</strong> threat model.</li> </ul> <p>Reference and tools that might be useful for you:</p> <ul> <li><a href="https://auth0.com/blog/hashing-in-action-understanding-bcrypt/" rel="noopener noreferrer">Auth0 blog about bcrypt</a></li> <li><a href="https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html" rel="noopener noreferrer">OWASP article on password storage</a></li> <li><a href="https://github.com/shoenig/bcrypt-tool" rel="noopener noreferrer">CLI tool to Generate &amp; Verify Hash</a></li> <li><a href="https://onlinecodingtools.com/cryptography/bcrypt/" rel="noopener noreferrer">Online tool to Generate &amp; Verify Hash</a></li> </ul> programming security webdev go