You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a Golang library for securing passwords it is based on the [Dropbox method for password storage](https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/). The both passphrases are first hashed with [Blake2b-512](https://godoc.org/golang.org/x/crypto/blake2b) then a random 64-bit salt is generated and a secure hash is generated using [Scrypt](https://godoc.org/golang.org/x/crypto/scrypt) with the user specified parameters. The salt is appended to resulting 56 byte hash for a total of 64 bytes. The masterpassphrase Scrypt output, which Dropbox describes as a global pepper, is then hashed with Blake2b-256 and is used as a key along with a 192-bit random nonce value for the user passphrase Scrypt output along with Scrypt salt to be encrypted using [NaCl Secretbox](https://godoc.org/golang.org/x/crypto/nacl/secretbox). NaCl Secretbox uses XSalsa20 and Poly1305 to encrypt and authenticate data.
