-5

I have the following code:

import "github.com/kless/osutil/user/crypt/sha512_crypt"
c := sha512_crypt.New()
hash, err := c.Generate([]byte("enter-new-password"), []byte("$2a$09$f5561d2634fb28a969f2dO8QeQ70f4bjCnF/.GvPpjj.8jgmtzZP2"))
if err != nil {
    panic(err)
}

And it produced the following error

http: panic serving 192.168.0.16:56730: invalid magic prefix

Why does this happen and how do I resolve it?

peterSO
  • 158,998
  • 31
  • 281
  • 276
John
  • 32,403
  • 80
  • 251
  • 422

1 Answers1

5

Why does this happen and how do I resolve it?

You have an invalid magic prefix.

github.com/tredoe/osutil/user/crypt/sha512_crypt/sha512_crypt.go

if !bytes.HasPrefix(salt, c.Salt.MagicPrefix) {
  return "", common.ErrSaltPrefix
}

Read the crypt package code.

PHP: crypt — One-way string hashing

PHP: password_hash — Creates a password hash

Read the PHP documentation.

See your earlier question: golang equivalent of PHP crypt().

Provide a valid magic prefix.

For example,

package main

import (
    "fmt"

    "github.com/kless/osutil/user/crypt/sha512_crypt"
)

func main() {
    c := sha512_crypt.New()
    magic := sha512_crypt.MagicPrefix
    hash, err := c.Generate(
        []byte("enter-new-password"),
        []byte(magic+"$2a$09$f5561d2634fb28a969f2dO8QeQ70f4bjCnF/.GvPpjj.8jgmtzZP2"),
    )
    if err != nil {
        panic(err)
    }
    fmt.Println(hash)
}

Output:

$6$$.AVE44JRnLFr9TZx3zASJX6V3Uu0jpnrOV6fW1T5NHy3MUKPaJXHGvjooxrAkYsuIL2HwS/sYgzUZ.cg8FTtz/

NOTE:

import "github.com/kless/osutil/user/crypt/sha512_crypt"

is now an alias for the new location

import "github.com/tredoe/osutil/user/crypt/sha512_crypt"
peterSO
  • 158,998
  • 31
  • 281
  • 276
  • 1
    note to self -- the string `$2a$09$f5561d2634fb28a969f2dO8QeQ70f4bjCnF/.GvPpjj.8jgmtzZP2` appears to have been hashed already. The `$2a$` may suggest that PHP5.3 or earlier used crypt() function with CRYPT_BLOWFISH . As far as I can tell with my introductory knowledge to how golang works, the kless/tredoe package makes no references to CRYPT_BLOWFISH, which may lead to other problems I do not understand. – John Jul 01 '18 at 16:56
  • 1
    @John: The prefix "$2a$" or "$2b$" (or "$2y$") in a hash string in a shadow password file indicates that hash string is a bcrypt hash in modular crypt format. bcrypt is a password hashing function, based on the Blowfish cipher, [bcrypt - Wikipedia](https://en.wikipedia.org/wiki/Bcrypt). Go [package bcrypt](https://godoc.org/golang.org/x/crypto/bcrypt): `import "golang.org/x/crypto/bcrypt"`. – peterSO Jul 01 '18 at 19:09
  • 1
    As a related topic, I finally solved my original question here based on your comments - https://stackoverflow.com/questions/51119682/golang-equivalent-of-php-crypt/51138267 – John Jul 02 '18 at 14:27