Hash password compare

sudesh · June 17, 2019, 2:37am

I try to compare db password and form value password then given following error.
crypto/bcrypt: hashedPassword is not the hash of the given password. i have attached the coding function

https://play.golang.org/p/Olq4APRNBDe

Yamil_Bracho · June 17, 2019, 2:14pm

This code works fine
package main

import (
“fmt”
“golang.org/x/crypto/bcrypt”
)

func main() {
var err error

passwordRequest := "Testx"
passwordDB := "Test"

bsp,err := bcrypt.GenerateFromPassword([]byte(passwordDB),bcrypt.DefaultCost)	
if err != nil {
   panic(err)
}
err = bcrypt.CompareHashAndPassword(bsp,[]byte(passwordRequest))
if err != nil {
   panic(err)
} else {
   fmt.Println("password are equal")
}

}

geosoft1 · June 17, 2019, 5:20pm

You can also try authentication directly from sql command, eg:

github.com

geosoft1/ssas/blob/379785245fc734532a6bad67fee3690e4af392b0/db_user_sha1.go#L24-L30


func sqlAuthenticateUser(u *User) error {
	if err := db.QueryRow("SELECT * FROM user WHERE email=? AND password=SHA1(?)", u.Email, u.Password).Scan(&u.Id, &u.Name, &u.Email, &u.Password, &u.isActive); err != nil {
		log.Println(err)
		return err
	}
	return nil
}

Of course, before that you must insert the encrypted password likewise.

iegomez · June 17, 2019, 6:30pm

Stay with bcrypt, SHA1 is very weak. Bcrypt also salts passwords by default.

sudesh · June 18, 2019, 3:15am

thank you very much it’s working

sudesh · June 18, 2019, 3:18am

Thanks George for your reply, I used Yamil’s code and it worked.

system · September 16, 2019, 3:18am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.