mirror
/
oragono
mirror of https://github.com/oragono/oragono
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 70 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1331 Commits
21 Branches
Tree: f912f64f21
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f912f64f21'
${ noResults }
oragono/irc/utils/crypto.go

crypto.go 891B
History Raw

123456789101112131415161718192021222324252627282930 
  1. // Copyright (c) 2018 Shivaram Lingamneni <slingamn@cs.stanford.edu>

  2. // released under the MIT license

  3. 

  4. package utils

  5. 

  6. import (

  7. 	"crypto/rand"

  8. 	"crypto/subtle"

  9. 	"encoding/hex"

  10. )

  11. 

  12. // generate a secret token that cannot be brute-forced via online attacks

  13. func GenerateSecretToken() string {

  14. 	// 128 bits of entropy are enough to resist any online attack:

  15. 	var buf [16]byte

  16. 	rand.Read(buf[:])

  17. 	// 32 ASCII characters, should be fine for most purposes

  18. 	return hex.EncodeToString(buf[:])

  19. }

  20. 

  21. // securely check if a supplied token matches a stored token

  22. func SecretTokensMatch(storedToken string, suppliedToken string) bool {

  23. 	// XXX fix a potential gotcha: if the stored token is uninitialized,

  24. 	// then nothing should match it, not even supplying an empty token.

  25. 	if len(storedToken) == 0 {

  26. 		return false

  27. 	}

  28. 

  29. 	return subtle.ConstantTimeCompare([]byte(storedToken), []byte(suppliedToken)) == 1

  30. }