From ff0f6ba724748dbe340187fdd831a4d4f7f0ae5e Mon Sep 17 00:00:00 2001
From: raven <citrons@mondecitronne.com>
Date: Wed, 22 Oct 2025 16:28:22 -0500
Subject: passwords

---
 server/passwords/passwords.go | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 server/passwords/passwords.go

(limited to 'server/passwords')

diff --git a/server/passwords/passwords.go b/server/passwords/passwords.go
new file mode 100644
index 0000000..0524f24
--- /dev/null
+++ b/server/passwords/passwords.go
@@ -0,0 +1,38 @@
+package passwords
+
+import (
+	"golang.org/x/crypto/argon2"
+	"crypto/subtle"
+	"crypto/rand"
+	"bytes"
+	"log"
+)
+
+const version = 0
+
+func doHash(ver int, password string, salt []byte) []byte {
+	return argon2.IDKey([]byte(password), salt, 1, 64*1024, 4, 32)
+}
+
+func Hash(password string) []byte {
+	var buf bytes.Buffer
+	buf.WriteByte(version)
+
+	salt := make([]byte, 32)
+	_, err := rand.Read(salt)
+	if err != nil {
+		log.Fatal("error generating password hash:", err)
+	}
+	buf.Write(doHash(version, password, salt))
+	buf.Write(salt)
+
+	return buf.Bytes()
+}
+
+func Check(password string, hash []byte) bool {
+	ver := int(hash[0])
+	hashData := hash[1:33]
+	salt := hash[33:]
+	check := doHash(ver, password, salt)
+	return subtle.ConstantTimeCompare(hashData, check) == 1
+}
-- 
cgit v1.2.3