Argon2id the most secure password hashing algorithm | Golang Argon2 Hash | Secure Password Hashing

Captions
[Music] hey guys welcome back to the channel this is uh paul again come um it's a quite long time guys that i'm not active here in our channel uh here in harlequin's code so probably um because of the what they call these uh work related uh things guys that i'm keep busy one of these days and a few months as well but right now we have some some time that we can discuss and share share it again some of our golan knowledge here in harlequin's codes that we can share to all of you guys out there and uh by the way how are you guys and i hope you are fine you're okay and wherever you are in in this world so this is my new settings now guys in the philippines so uh it's just uh in my house here so we can discuss it again so apparently we are working from home and uh as of today we are november 30 as of this recording that um currently we are having some public public uh what i call this public holidays so i just it's just one day so and then finally at least i have some time again guys to share it with you some knowledge here in golang and yeah and then right now we need to we have some topic here so we to discuss this is a very important topic but before that we need to shout out those people that uh who are currently uh commenting in our last uh video since this one is last april uh 15 that i publish so currently um there are five people uh who are currently currently messaging with us here so first of all number one is uh rn who is a it says a great contribution this series will be a good reference thank you so much rn and the second one would be uh jarobic faisive jarobi paisiv hello i didn't follow previous videos so i'm just curious what dbdd used thanks in advance so i really replied uh jaropic at that time and uh thank you jerobik and also ibrahim suleiman ibrahim suleiman great effort thanks thank you thank you abraham and uh also the last but not least oh sorry about that i don't uh read it properly is it zero so come back please so uh right now i'm here uh oh 
oh thank you so much for your comment guys and special uh uh what i call this uh my colleague in our office although we are currently work from home so with harvey diaz and ray ruffles and also to my brother bernard filigree okay so uh that's it guys and today we are also discussing regarding this uh very important topic as i mentioned we are currently having this um argon 2 if you encounter this one this is the the latest or not so latest guys but the recent recommendations of a password hashing for any kind of a password so it was written originally by [Music] the russian people here last time it was 2015. and this argon 2 is uh won by last july 2015 and so it is a key derivation function that was selected as a winner of the password hashing so it it was recommended nowadays guys since uh 2015 that they won uh this uh password hashing competition and then it will be uh the the standard the world standard for using this uh for hashing any kind of a password uh whether in our web application your application or whatever kind of a password hashing there's guys that it is a very secure um and and then the modern way of doing this original written in the c code but uh already supported by uh golang itself so it's uh already built in in golang they call it argon 2 so we will be discussing this and then we have some package that we need to develop and then already publish and then we will publish it on our ita republic github so that you you guys out there you can use it freely it's under mit license and of course don't forget to subscribe my channel guys uh to honor our work here in marlinkan school okay so let's dive into this tutorial guys okay guys welcome back to our channel okay okay guys um again this is the the the setup initially we will put some main that go here um by the way we can rename this later on because we need to deal with this argon 2 so i just name it argon 2 id guys okay so this is our file name here and then we will be creating this new package 
but before that uh it's just a brief introduction again guys for this Argon2. Argon2 is a key derivation function that was selected as the winner guys for the Password Hashing Competition in last July 2015. so it was designed by these people here guys so and the University of Luxembourg in uh um yeah this one guys and then uh this is the originally it was written in C code so this is the original C code here which is the the winner Argon2. so this is the newest standard for password hashing guys so it's more secure than uh than bcrypt, it was last uh uh it was last i think uh it was started on uh 1999 guys so it's quite some time now uh how many years passed. so the newest technology for password hashing guys is we call it Argon2. so okay so also this is the built-in package for uh uh for Golang library guys for this Argon2. so as i mentioned earlier Argon2i and Argon2id so there are two uh three variants guys i mean uh i mean two two variants for this Argon2i and Argon2id but we are using this um IDKey which is a combination of both those um both these uh world guys these methods okay so these are more secure and more on the memory side. so that's enough for this uh package guys we will start creating and building our newest package called the pwd but before this uh okay uh but before this we need to create a new package uh here uh go mod init github because we are publishing it to GitHub guys if you are if you are developing again uh just a quick overview um if you're not familiar with how to publish new package in Golang to GitHub you can take a look on my previous video regarding this on how to publish Golang package guys to GitHub. so right now we are publishing to GitHub so we need to address like go mod init github.com your GitHub channel there or something your repository itrepablik itrepablik slash then our newest repo name which we call it pwd guys um in short for password okay so go mod init and then already created a new go 
mode go dot mode here so our latest uh version as of this recording guys is go 1.17 so okay guys uh by the way we need to create a new structure first guys uh we call it for our gun this one we are going to requires uh the configurable variable guys so we need to deal with this one first uh they have the memory as if uh as it mentioned in this thing guys as you can see this function id key it requires a password the plain password the salt in byte time which is the iteration memory which is how many memory allocations that we need to save it like for this example guys there uh there is a 64 times um 1024 so this is an equivalent of a 64 mb of memory uh that it can generate or use to generate a password hash and then of course this uh parallelism which is the threads of how many uh cores that you are using guys and it depends on your hardware requirements so the more you have a core cpu there then you can uh configure these variables guys so this is what we are going to do for this uh argon 2 as we need to set up this uh configurable variable guys so so that you guys out there you can use free the package and then after that we can just configure by your own it depends on your memory usage but the standard way is this 64 times 1024 which is the 64 mb guys and then of course the last one is the key length which is 32 bytes by default yeah this is the this is the decent amount of uh configurations uh for the argon 2 idt so right now uh we need to deal with this uh uh argon 2 uh configurations guys so this one is a uint um 32 okay and then another one is the iterations we call it our iterations guys uh instead of that time by the way they are they are the same there thanks to uh edward uh for uh the inspiration of doing this uh uh argon 2 password hashing guys so okay so you can read most of their contents there as well and then another one is the parallelism uh also this one is found in this c code guys this these are all the settings here uh the iterations the 
parallelism the memory which is in kib and then the hash here so these are all the examples guys so it is already exist in the argon 2 as well so in the original c code parallel parallelism parallelism list so you int 32 i think this one is a unit 8 yeah it's just a small thing guys and then uh salt length which is uint 32 and then also for the key length is a uint 32 as well so it's my srs thing and then these are all our configurations guys by the way we can also put some constant here so we can put our default uh argon 2 are going to configs so these are all constant here we can put the memory uiint you in 32 uh then you can assign a constant value of 64 times 10 24 okay yes and then uh we call it i there or you int 32 as well is uh we just these are the default guys you can change and later in our configurations parallel uh this one is a you int you don't have to know how to attack now guys and then another one is for the salt uh length which is you in 32 as well so this one is 16 and then another one is the keyland uh uint 32 is equal to 32 as well so so now it's a good thing here we have done and then uh also we need to uh check this one uh if one guys so right now we need to create a hash password here now guys i mean for the function this one is for hash and so so we call it hash and so that that means we need to create uh argon hash argon too harsh now guys so this function is the main purpose is to uh generate a hash string okay so and then we require us we'll return string and then error oops so string i mean i always have this um iphone always so we call this as a thing and then we call it salt bites i just returned with uh neil first guys and then nil at the moment and then we call it the salt bites here so bites uh make and then we can put a bite here and agc and then we i need to initialize the agc first guys uh for this are going to configs here so i just initialize it with the var var agc is equal to this argon 2 configs so we have this and then 
then this one we can create a new one here guys so we have where we have this memory here the default values and then of course we continue this hash and salt so this one we call it the agc here later we will configure this agc guys for to initialize these default variables here okay we use rand.Read this is a salt bytes here so if error not equal to nil then we can use this return blank otherwise we just return error and then the next one we can um this one we can generate the salt bytes here guys this is the main uh ingredients as well guys because this one is a it's a secure uh read by these are random strings uh cryptographic strings to generate a secure random uh for our salt. so again this one is Argon2 Argon2 and then okay guys so we will create a hand Argon2 hash here and then we will be dealing with Argon2. so uh to capture our time guys uh by the way we are using uh this what we call the Copilot in GitHub guys to auto uh fill in our thing guys so we don't want to repeat uh keep uh what they call this repeating uh those common tasks uh the autocomplete thing so to capture our time guys so you can uh install that in our install this in the VS Code VS Code. so okay i just need to reload my thing guys and all done from one okay so i think it's back Argon2 okay iterations maybe just want to return our return string all done guys ah because i'm using my old laptop guys i always have this there's a problem with the old old and new laptop so there's a problem and the keys are the rearranging the keys you always when we save there's a problem okay so uh okay so this is the return here i think i need to go mod uh thing guys because there's some error here go mod vendor first guys mod vendor i'll go mod tidy okay so argon2id password pwd i think it's fine yeah and then after this we can create a b64 here need to encode um b64 salt so actually this one guys and then another one is a b64 we are generating Argon2 hash okay so this is the 
thing we need to use a RawStdEncoding guys for the base64 and then because this one is an unpadded one so no padding for those bytes guys so we don't add the padding so we need the original uh sensitive information from this plain password guys because we are translating this uh into a byte something like this Argon2 IDKey function is returning so right now this one is uh it's a byte now guys Argon2 IDKey so okay so i go to hash okay oh my my ass pardon with my ass guys always saying this and then after this is the hash need to fmt.Sprintf i need to do some combination with this one guys um this Argon2 there is an Argon2 and every password that we're generating guys so and then concatenated with this there's a time here we need to keep say we need to save this information guys with the current version once the password has been generated or the hash key has been generated with this one. so there is a key for this Argon2 which is a standard way of like this [Music] like this from the C code they originally have this Argon2 uh keyword here and then the version 19 which is the first current current version of that Argon2 that you are generating or using the package and then the the memory that you are using which is a 64 MB the time which is the iteration two which is a constant value or you can change as well and then the parallelism is four the threads and then this one is for um the hash the the salt hash guys so that would be the thing there. so right now we are generating this and then we will copy over this one copy and then paste it here i is hash so okay save what could be the problem of this one so right now we need to okay guys we have done this part and then there's some this the error here we need to go mod first guys go mod tidy and then after this to collect all those packages guys and then we have some vendor here to store all those libraries go mod vendor so we already have all this information now and then okay so we 
already have this hush and sold uh later on we will put some notes guys uh to capture our time uh all these informations no worries because we were publishing this into our ital public github so right now we need to put some tests uh for this one guys so we need to create a new file here um our gone to id underscore we need to put some test cases here guys so package package pwd okay so we need to create a func test this one a hush and salt so we are about to generate uh those hush and salt guys so right now we don't require this oops so this salt here and then by the way before we can do that um maybe we can i will create some initialization first guys because uh right now we don't have to deal with this uh default values first so because in our test here we need to create uh we need to supply those uh default values or your customization guys uh okay so okay guys to capture our time i prepared this uh one for you guys so i just explained it a little bit further and also i supply all these um important notes here so that we can trace whatever the what whatever these code code lines are doing and what is the purpose of that one at least we have some decent information there guys and um also i supply all this information the row uh rw mutex uh uh for this argon 2 configs guys because we need to initialize this one this default we need to supply this defaults to our argon 2 configs to on into our struct and then after this the initialized argument 2 configs will be have some another function that i prefer also guys to calculate our time guys so uh pardon me for this one because i don't want to make our videos too long it's too boring if it's too long so i just explained further this one i created this one we have already previously doing in our iti itr log so you can use that one as well there so uh it's the same thing same pattern i just replicate it here and also uh in the func init we are initializing these values and supply all this information to our struct here 
so these are all the informations the default values of course we are loading the default values from our constant variables there so which are which are the memories uh the iterations uh these are the default guys but later on you can customize uh this one i will show you later in our unit testing if we can deal with this set argon 2 configurations most especially of course we need you need to change it depends on your memory allocations of your hard drive the threads how many parallelism there so you can supply all those informations like these iterations and then the memory like one two eight two five six all these things guys and then we come back to our test this test right now is we need to generate a new password guys so by the way this is your plane password here i just want to change plane plane password so this is your plain password for example guys it's just to simulate like we need to generate this kind of hashing here in this one i mean in the c so we need to generate like this type of hashing guys okay so we come back here again after this i need to copy this by the way i'm using the windows terminal i'm using the windows terminal here guys you can download this windows terminal in the in the windows terminal there you just search in the google guys uh rather than using the cmd or powershell this one you can incorporate uh everything here like a ubuntu azure or whatever guys so this is a more um modern way of doing this okay um i need to go test uh b run this one this function guys so right now they are generating this uh argument to password so as you can see that this is the result here we're going to let go 18 so the hash one so because we are uh hold on uh this one we are generating here under log f so this is the thing now guys uh as you can see that this is the hash key from argon 2 id function has been given to us so this is the password that we need to store into our database for each user or something like that guys so you can store this 
string this is a string now you can uh save it uh if you're using MySQL SQL database or NoSQL things like that guys so you can store this password now for each user okay so nice and simply done here i suppose. uh okay guys so we are generating now our next step would be to validate uh this hash into whatever the hash that we need to compare this hash you guys okay because there's no way that you can decrypt decrypt that that hash okay so uh the next thing is we need to create a new function here to compare those hash keys we call it the func okay to capture the time again guys so i added this uh decode password decode hash password and uh check password so this is the main function that we need to check or compare uh our Argon2 hash key guys. so every time there is a password validation there is no way that the we can decode decode back or decrypt back the hash key guys or whatever the password that we are generating from the Argon2 so there is no way of uh decrypting it back so there's a one-way ticket only guys as we have mentioned. so um this one is the the main com check password hash this is the thing that we need to uh compare the the hash one guys so what this function actually does is um we we also accept a plain text password here and then the hash key so right now and also i added this test test check password hash so we need to generate the password again uh for this Argon2 hash. by the way i guess the Argon2 hash is every time you generate it uh the the strings that we are that generating it it will be different way again guys so the only way we can uh compare the hash is by generating the hash key by itself again and then the magic will go on using this uh sub subtle function from a cryptographic cryptography from the crypto function the package uh from the Golang itself guys so it's a built-in library so it's a it's a more secure way of comparing uh a bytes comparing a byte to a bytes guys to byte compare two bytes so if it 
returns one that means it's it's a valid one guys so you can return true here true and then uh if it returns zero that means it's not a valid password so we can test this along uh later on guys. and then uh there is uh the code here so we that's why we need the hash here because we need to get the previous hash so whatever the password we stored that hash right and remember that we store that hash into our database for each user there is a username and then the password and then we store this hash here so we need to decode back this we need i mean we need to extract uh the things here guys so like these Argon2 and then the version then we need to validate the version and then the time here and then of course the the password here so this one it will change every time we generate although it's the same plain password but of course it will generate another strings because of that salt that we are generating is a very unique and secure way of generating a random cryptographic strings. so right now uh this is the the magic happens guys after we generate we get the uh we need to get uh the old uh hash key here that we stored in somewhere else and then we generate back again the same key i mean same function Argon2 IDKey and then the plain password and then the the salt here or whatsoever guys so the salt that we are decoding from the hash password here so we extract back the salt uh okay and then the iterations from our memory here guys okay so whatever that we are storing so it's also decoded back again guys those uh what they call especially this salt and then all those things okay so we and then the magic thing happens here uh to compare both hash this is the byte here and then another byte here it returns one and then it will return true so it will be uh the password that the thrown by us to compare uh in our application will be is is it is a valid or not so this is the key ingredient here for our uh to verify our password guys okay so this is the 
decode hash password here okay so these are all the standard way here you just split those string i mean the dollar sign so every time there is a dollar here it will be splitted like this one split this argon 2 so it will get uh argon 2 id these are all six split values guys so up to six arrays so the index so another one for this one is for to get the version that will generate version of the argument to and then the iteration i mean the memory and then the iteration here is how many we define for the time constant and then for the salt uh yeah so these are all the thing here that we need to extract guys using this decode hash password here so these are all total six values here so after that you need to check the current version at index 2 which is the this one guys this argon 2 this is the index 2 which is the v19 here so this is the current version by using sscanf so we can uh extract only the 19 value for example of this term no need this v dash uh v dash so we just get the value of this which is the 19 and then after that we compare the current version and then the argon 2 version if it is correct or not then otherwise it will throw some errors here so again the next line would be the decoder the scanf um this is what i call to decode the parameters guys as i put a note here and then after that we will this three is something like is uh m i i suppose so we can uh no worries we can just extract back we can fmt here so to make it to ensure everything is in place guys so we just print the balls or something okay uh bars then zero okay then uh fmt that print line pal one just put everything uh first guys so you will know what is that thing so it starts by zero so end up with five so we need to test this one guys so by the way we need to test uh this one first so this is uh to compare the plain password here this is the password your password whatever the user's password here and then of course this is the password here again so right now we we intend to match 
everything first later we will try to make it wrong at some between these two okay so we will test first and then see the result for that thing okay let's see if it return true or not so right now as you can see that uh uh right now as you can see guys this is the v uh the array one zero is argon two uh uh also uh our password is correct guys okay uh if i make it wrong uh hold on guys so now the password is not correct guys so it's not it's a mismatch thing so if i rerun it again the test so it says uh incorrect so it fail our test here so right now is incorrect password because password one and the plain password without one so it's a mismatch guys so our function now is totally it's working and also this argument two id is a valve valve zero this is the version here and then the valve two so this is the memory three four and five this is the thing our our salt here so this is the 5 this is the salt i guess i need to go back again so maybe we can put something in this uh this is the balls zero so we will know guys exactly the thing print line all done guys just change later on okay so this is one this is two three four and five so we will test it again so for val zero is empty here so it starts with val one is the argument two and then the val2 is the version version of the argon and then the memory all these things they are all combina combined already in one string guys for vals uh val 3 value 3 and then this is uh our is our thing hold on guys four is the to decode the salt here and then the last part is the key so remember when when we have this our value here sorry guys we need to scroll up um this is the memory here so we are putting all the memory the key length is 32 and then the salt length is 16 so so that is the the value for the vals4 and the files five is the key length this is the salt so we can decode exactly the things guys so we can just remove this so right now our test is working fine if i put back the correct password now it's all match you can 
use this function guys check check password to check the hash to hash guys so right now i need to clear it we run it again so the test is now passed and then uh the password is correct okay so all match guys so i think that's it guys and um i hope you enjoy here and learn and learn a lot here in malik and scott guys and after this uh to capture our time i already published it into our it republic guys so you can grab this code here i mean you can install it in your package guys in your golang visit this github.com slash it republic then pwd so this is the helper function for argon 2 for this one guys so i also put uh some useful examples here uh for example in your package main uh there is an initialize here the func init so this is how you can customize the values guys for example i put 128 here or 256 or whatever it is your machine requirements or your business requirements okay so you can change all these parameters here and then after that it just uh initialize it in phong imit and then after that as you can see that how you can generate an argument secured password here so this string here is the argon to hash you can store this into your database along with that username and then after that when the user login or something to verify that hash stored in your database this is the second function that you need to do guys so to ensure that is it the password correct or not so by using this pwd dot check password hash so your plain password here that compare with the the hash that you're generating from your database of course you need to fetch that uh whatever you whenever where where it is stored in your are going to hash like in this case this is the thing that you need to store somewhere else guys most probably in your database okay uh okay i think we are done guys and don't forget to subscribe to maharlikan's code for more videos guys and to honor my work here in malikan's code thanks so thank you so much guys for watching this tutorial series here hi guys 
again thank you so much uh for watching my tutorial video here in malik's code i hope i impart with you some knowledge and on how to to deal with this are argon 2 which is the newest standard for password hashing so it's a more secure way guys as i have explained to you uh early on earlier so you know probably in our next video guys i will be sharing uh if you are not encountering yet we call it an api so it's an application programming interface so in our previous videos that uh we are dealing with the standalone kind of an application that what i mean is nobody can use uh externally like other developers or other applications that might be integrated with our applications so they will get the data of our of our api and then they can use it they can pass on a json data or a gs1 or xml file so we need to we need to deal with that one that kind of an architecture guys because this is a more robust so that every time you develop an application a software uh we ensure that this is an api ready so at least in our own way we can explain how to how to deal with this how to design our application in such a way that we can uh we can share or we can impart some knowledge i mean we can impart those uh technologies that we are we are creating and then after that other developers can integrate with their own application at that time we will i will explain further guys so stay tuned for that uh video so uh we will be creating in the simplest way and of course we need to pass on json data and then uh by using postman to test our api so for example like uh we need to pass on password pass on data such as like a new create a new user for example so in such a way we design a system that it can handle um it can handle external requests of course so but in that case that is too advanced yet but we need to make it as a basic first at least we can i can share it with you the foundation of it then you can expound your um your api or whatever you are building it so we can uh we can do 
that guys so stay tuned for that okay so that's all and uh thank you so much for watching guys and uh please consider subscribing for subscribing to my channel guys to honor my work here in maharakan's code and of course bye for now guys and see you in my next video thank you so much guys may god bless us all thank you and now bye bye keep safe everyone [Music]
Info
Channel: Maharlikans Code
Views: 63
Keywords: Life As Software Developer, go, golang tutorial, learn to create web applications using golang, most secure password hashing algorithm, golang argon2 hash, argon2, argon2id, argon2 hash, itrepablik, pwd, password hashing, secured password hash
Id: Z3u4XyBfBSM
Length: 49min 57sec (2997 seconds)
Published: Tue Nov 30 2021