func (c *Client) Reconnect() error { conn, err := tls.Dial("tcp", c.hostname, c.config) if err != nil { return err } c.conn = conn loginByte := []byte{TReconnect} c.conn.Write(loginByte) ulen := WriteInt32(int32(len(c.username))) c.conn.Write(ulen) c.conn.Write([]byte(c.username)) sc := make([]byte, 32) c.conn.Read(sc) //Generate a response cc := GeneratePepper() combSalt := make([]byte, len(sc)+len(cc)) copy(combSalt, sc) copy(combSalt[len(sc):], cc) //Generate a hash of the password with the challenge and response as salts hashA, _ := scrypt.Key(c.phash, combSalt, 16384, 8, 1, 32) //write the hash, and the response c.conn.Write(hashA) c.conn.Write(cc) sr := make([]byte, 32) //Read the servers response _, err = c.conn.Read(sr) if err != nil { return err } srVer, _ := scrypt.Key(c.phash, combSalt, 16384, 4, 3, 32) //and ensure that it is correct for i := 0; i < 32; i++ { if sr[i] != srVer[i] { return errors.New("Invalid response from server") } } //Send login flags to the server loginByte[0] = c.lflags c.conn.Write(loginByte) return nil }
func deriveKey(result chan []byte, secret string) { keySlice, err := scrypt.Key([]byte(secret), nil, 1<<18, 20, 1, 32) if err != nil { panic(err) } result <- keySlice }
func HashPassword(username, password string) []byte { pHash, err := scrypt.Key([]byte(password), []byte(tSalt+username), 16384, 9, 7, 32) if err != nil { panic(err) } return pHash }
func (u *User) CheckPassword(password string) bool { passwordHash, err := scrypt.Key([]byte(password), u.PasswordSalt, 16384, 8, 1, 32) if err != nil { panic(err) } return subtle.ConstantTimeCompare(passwordHash, u.PasswordHash) == 1 }
func (a *AccountDetail) HashPassword(password string) []byte { hash, err := scrypt.Key([]byte(password), a.Salt, a.N, a.R, a.P, 32) if err != nil { panic(err) } return hash }
func (e *EmailAddr) initLazyKey() { emailKey := e.Canonical() keyCache.Lock() v, ok := keyCache.m[emailKey] keyCache.Unlock() if ok { e.lazyKey = v return } key, err := scrypt.Key([]byte(emailKey), fistSalt, 16384*8, 8, 1, 32) if err != nil { panic(err) } e.lazyKey = key keyCache.Lock() if keyCache.m == nil { keyCache.m = make(map[string][]byte) } keyCache.m[emailKey] = key // TODO: Prune the cache keyCache.Unlock() }
// Handles login functions, returns true (successful) false (unsucessful) func (h *Client) Login(handle, password string, lflags byte) (bool, string) { loginByte := make([]byte, 1) loginByte[0] = TLogin h.conn.Write(loginByte) h.phash = HashPassword(handle, password) //Write the usernames length, followed by the username. ulen := WriteInt32(int32(len(handle))) h.conn.Write(ulen) h.conn.Write([]byte(handle)) h.username = handle //Read the servers challenge sc := make([]byte, 32) h.conn.Read(sc) //Generate a response cc := GeneratePepper() combSalt := make([]byte, len(sc)+len(cc)) copy(combSalt, sc) copy(combSalt[len(sc):], cc) //Generate a hash of the password with the challenge and response as salts hashA, _ := scrypt.Key(h.phash, combSalt, 16384, 8, 1, 32) //write the hash, and the response h.conn.Write(hashA) h.conn.Write(cc) sr := make([]byte, 32) //Read the servers response _, err := h.conn.Read(sr) if err != nil { return false, "Auth Failed." } srVer, _ := scrypt.Key(h.phash, combSalt, 16384, 4, 3, 32) //and ensure that it is correct for i := 0; i < 32; i++ { if sr[i] != srVer[i] { return false, "Invalid response from server" } } //Send login flags to the server loginByte[0] = lflags h.conn.Write(loginByte) return true, "Authenticated" }
func main() { stateFile := flag.String("state-file", "", "File in which to save persistent state") pandaScrypt := flag.Bool("panda-scrypt", false, "Run in subprocess mode to process passphrase") cliFlag := flag.Bool("cli", false, "If true, the CLI will be used, even if the GUI is available") devFlag := flag.Bool("dev", false, "Is this a development environment?") flag.Parse() if *pandaScrypt { var numBytes uint32 if err := binary.Read(os.Stdin, binary.LittleEndian, &numBytes); err != nil { panic(err) } if numBytes > 1024*1024 { panic("passphrase too large") } passphrase := make([]byte, int(numBytes)) if _, err := os.Stdin.Read(passphrase); err != nil { panic(err) } data, err := scrypt.Key(passphrase, nil, 1<<17, 16, 4, 32*3) if err != nil { panic(err) } os.Stdout.Write(data) os.Exit(0) } dev := os.Getenv("POND") == "dev" || *devFlag runtime.GOMAXPROCS(4) if len(*stateFile) == 0 && dev { *stateFile = "state" } if len(*stateFile) == 0 { home := os.Getenv("HOME") if len(home) == 0 { fmt.Fprintf(os.Stderr, "$HOME not set. Please either export $HOME or use --state-file to set the location of the state file explicitly.\n") os.Exit(1) } configDir := filepath.Join(home, ".config") os.Mkdir(configDir, 0700) *stateFile = filepath.Join(configDir, "pond") } if !haveGUI || *cliFlag || len(os.Getenv("PONDCLI")) > 0 { client := NewCLIClient(*stateFile, rand.Reader, false /* testing */, true /* autoFetch */) client.disableV2Ratchet = true client.dev = dev client.Start() } else { ui := NewGTKUI() client := NewGUIClient(*stateFile, ui, rand.Reader, false /* testing */, true /* autoFetch */) client.disableV2Ratchet = true client.dev = dev client.Start() ui.Run() } }
func (user *User) Authenticate(password string) bool { // Scrypt the password. scryptPassword, err := scrypt.Key([]byte(password), user.Salt, 16384, 8, 1, 32) if err != nil { panic(err) } return bytes.Equal(scryptPassword, user.Scrypt) }
func BenchmarkR32768r8p4k32(b *testing.B) { for i := 0; i < b.N; i++ { _, err := scrypt.Key(password, salt, 32768, 8, 4, 32) if err != nil { b.Fatalf("%v", err) } } }
func BenchmarkR16384r8p1k32(b *testing.B) { for i := 0; i < b.N; i++ { _, err := scrypt.Key(password, salt, 16384, 8, 1, 32) if err != nil { b.Fatalf("%v", err) } } }
func (p *adminPlugin) scryptHash(cmd *mup.Command, password, salt string) (hash string, ok bool) { key, err := scrypt.Key([]byte(password), []byte(salt), 16384, 8, 1, 32) if err != nil { p.plugger.Logf("scrypt.Key failed: %v", err) p.plugger.Sendf(cmd, "Internal error hashing password. Sorry.") } return hex.EncodeToString(key), err == nil }
func deriveScrypt(in [32]byte) (psk [32]byte, err error) { out, err := scrypt.Key(in[:], in[:], 1<<16, 8, 1, 32) if err != nil { return } copy(psk[:], out) return }
func recoverKey(password, salt []byte) (key []byte, ok bool) { key, err := scrypt.Key(password, salt, scryN, scryP, scryR, pwKeyLength) if err != nil { key = nil salt = nil return } ok = true return }
// deriveKey applies Scrypt with very strong parameters to generate an // encryption key from a passphrase and salt. func deriveKey(passphrase []byte, salt []byte) *[keySize]byte { rawKey, err := scrypt.Key(passphrase, salt, 32768, 8, 4, keySize) if err != nil { return nil } var key [keySize]byte copy(key[:], rawKey) zero(rawKey) return &key }
func main() { var pass, salt string fmt.Printf("pass:"******"%v", &pass) fmt.Printf("salt:") fmt.Scanf("%v", &salt) key, err := scrypt.Key([]byte(pass), []byte(salt), 16384, 8, 1, 32) check(err) err = ioutil.WriteFile("blobstash.key", key, 0644) check(err) }
func calculateHash(pass string, salt []byte) ([]byte, error) { const ( N = 16384 r = 8 p = 1 keyLen = 32 ) bpass := []byte(pass) return scrypt.Key(bpass, salt, N, r, p, keyLen) }
func DeriveKey(password, salt []byte, N, r, p, n int) (key *Key, err error) { // Derive key using password and salt. k, err := scrypt.Key(password, salt, N, r, p, n) if err != nil { return } subtle.ConstantTimeCopy(1, key[:], k) return }
func validateMeshID(id *MeshID) bool { now := time.Now().Unix() if id.T > now || (now-id.T) > nidMaxAge { return false } stampSha := sha512.New() stampSha.Write([]byte(strconv.FormatInt(id.T, 10))) stampSha.Write(id.S) stampHash := stampSha.Sum(nil) aHash, err := scrypt.Key(stampHash[:], []byte(strconv.FormatUint(uint64(id.A), 10)), nidScrN, nidScrR, nidScrP, 32) if err != nil { panic(err) } bHash, err := scrypt.Key(stampHash[:], []byte(strconv.FormatUint(uint64(id.B), 10)), nidScrN, nidScrR, nidScrP, 32) if err != nil { panic(err) } if bitPrefix(aHash, nidPreBits) != bitPrefix(bHash, nidPreBits) { return false } text := fmt.Sprintf("%d%d", id.A, id.B) codeSha := sha512.New() codeSha.Write(id.S) codeSha.Write([]byte(text)) code := codeSha.Sum(nil)[32:64] if hex.EncodeToString(id.ID) != hex.EncodeToString(code) { return false } return true }
func (sf *StateFile) deriveKey(pw string) error { if len(pw) == 0 && sf.header.Scrypt != nil { return BadPasswordError } params := sf.header.Scrypt key, err := scrypt.Key([]byte(pw), sf.header.KdfSalt, int(params.GetN()), int(params.GetR()), int(params.GetP()), kdfKeyLen) if err != nil { return err } copy(sf.key[:], key) return nil }
func (a *AuthChallengeProvider) DeriveKey(password string, salt []byte) []byte { if password == "" { return nil } key, err := scrypt.Key([]byte(password), salt, 16384, 8, 1, 32) if err != nil { panic(err) } return key }
func (store *FilesystemPasteStore) EncryptionKeyForPasteWithPassword(p *Paste, password string) []byte { if password == "" { return nil } key, err := scrypt.Key([]byte(password), []byte(p.encryptionSalt), 16384, 8, 1, 32) if err != nil { panic(err) } return key }
func genKey(conn *userConn, pass, salt []byte) (key string, err error) { // Generate their salted, hashed password. keyBytes, err := scrypt.Key(pass, salt, 16384, 8, 1, 32) if err != nil { // If you can get here, it's probably // because of a bad password. sendAuthFail(conn, "Invalid Password") return "", err } return string(keyBytes), nil }
// NewScrypt returns a new key derivation function that uses scrypt to do // the derivation. The returned key will be 32 bytes in size. // If N, r, or p are invalid nil and an error are returned. // See code.google.com/p/go.crypto/scrypt#Key for details on proper values for // N, r, and p. func NewScrypt(N, r, p int) (func(salt, password []byte) []byte, error) { // The following two checks where copied directly from the scrypt implementation. if N <= 1 || N&(N-1) != 0 { return nil, errors.New("scrypt: N must be > 1 and a power of 2") } if uint64(r)*uint64(p) >= 1<<30 || r > maxInt/128/p || r > maxInt/256 || N > maxInt/128/r { return nil, errors.New("scrypt: parameters are too large") } return func(salt, password []byte) []byte { key, _ := scrypt.Key(password, salt, N, r, p, 32) return key }, nil }
func (u *User) SetPassword(password string) { var err error u.PasswordSalt = make([]byte, 16) _, err = rand.Read(u.PasswordSalt) if err != nil { panic(err) } u.PasswordHash, err = scrypt.Key([]byte(password), u.PasswordSalt, 16384, 8, 1, 32) if err != nil { panic(err) } }
func (kx *KeyExchange) derivePassword() error { serialised, err := proto.Marshal(kx.sharedSecret.toProto()) if err != nil { return err } if kx.Testing { h := sha256.New() h.Write([]byte{0}) h.Write(serialised) h.Sum(kx.key[:0]) h.Reset() h.Write([]byte{1}) h.Write(serialised) h.Sum(kx.meeting1[:0]) h.Reset() h.Write([]byte{2}) h.Write(serialised) h.Sum(kx.meeting2[:0]) } else { data, err := scrypt.Key(serialised, nil, 1<<17, 16, 4, 32*3) if err != nil { return err } copy(kx.key[:], data) copy(kx.meeting1[:], data[32:]) copy(kx.meeting2[:], data[64:]) } var encryptedDHPublic [32]byte rijndael.NewCipher(&kx.key).Encrypt(&encryptedDHPublic, &kx.dhPublic) l := len(encryptedDHPublic) if padding := kx.meetingPlace.Padding(); l > padding { return errors.New("panda: initial message too large for meeting place") } else if l < padding { l = padding } kx.message1 = make([]byte, l) copy(kx.message1, encryptedDHPublic[:]) if _, err := io.ReadFull(kx.rand, kx.message1[len(encryptedDHPublic):]); err != nil { return err } return nil }
// runtime is roughly proportional to r * p which must be less than 1 << 30 // this is intended to be SLOW, to foil brute force password attacks. func main() { password := []byte("this is my key") salt := mdr.UdevRandomBlock(8) N := 16384 r := 8 p := 1 keyLen := 32 newKey, err := scrypt.Key(password, salt, N, r, p, keyLen) if err != nil { mdr.FatalError(err) } fmt.Printf("newKey : %x\n", newKey) fmt.Printf("r * p (%d) < (%d) \n", r*p, 1<<30) fmt.Printf("done\n") }
func NewSecret(password []byte) (secret *Secret, err error) { secret = new(Secret) secret.Salt, err = Random(16) if err != nil { return } key, err := scrypt.Key(password, secret.Salt, 16384, 8, 1, 32) if err != nil { return } copy(secret.Key[:], key) return }
func deriveKey(salt []byte) *[keyvault.KeyLen]byte { password, err := readpass.PasswordPromptBytes("Vault password: "******"Failed to read password: %v\n", err) os.Exit(1) } key, err := scrypt.Key(password, salt, 16384, 8, 1, keyvault.KeyLen) if err != nil { fmt.Fprintf(os.Stderr, "Failed to derive key: %v\n", err) os.Exit(1) } var vaultKey [keyvault.KeyLen]byte copy(vaultKey[:], key) return &vaultKey }
// encrypt uses scrypt // https://code.google.com/p/go/source/browse/?repo=crypto#hg%2Fscrypt // to derive a secure key func encrypt(salt string, clearstr string) (crypt string, err error) { saltBytes, err := hex.DecodeString(salt) if err != nil { glog.Errorf("Undecodable pw_salt (%s)", salt) return } combined := make([]byte, 64+32) _ = copy(combined[0:64], Conf.ServerKey) _ = copy(combined[64:], saltBytes) cryptBytes, err := scrypt.Key([]byte(clearstr), combined, 16384, 8, 1, 64) if err != nil { glog.Errorf("Failure in execution of scrypt: %s", err) } crypt = hex.EncodeToString(cryptBytes) return crypt, err }