Storing passwords securely

Now that we know how to hash, we can talk about securely storing passwords. Hashing is an important factor when it comes to protecting passwords. Other important factors are salting, using a cryptographically strong hash function, and the optional use of a hash-based message authentication code (HMAC), which adds an additional secret key into the hashing algorithm.

HMAC is an added layer that uses a secret key; so, even if an attacker got your database of hashed passwords with the salts, they would still have a difficult time cracking them without the secret key. The secret key should be stored in a separate location such as an environment variable rather than in the database with the hashed passwords and salts. ...
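The scheme described above, as an added example that is not code from the book: a per-password random salt, HMAC-SHA256 keyed with a secret read from the environment, and a constant-time comparison on verification. The variable name `PWHASH_KEY`, the helper names, and the key and password values are assumptions constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"os"
)

const keyEnv = "PWHASH_KEY" // hypothetical variable name (assumption)
// loadKey reads the HMAC key from the environment, never from the database.
func loadKey() ([]byte, error) {
	if k := os.Getenv(keyEnv); len(k) >= 32 {
		return []byte(k), nil
	}
	return nil, fmt.Errorf("%s must hold at least 32 bytes", keyEnv)
}

// newSalt returns 16 random bytes; generate one per stored password.
func newSalt() ([]byte, error) {
	salt := make([]byte, 16)
	_, err := rand.Read(salt)
	return salt, err
}

// hashPassword computes HMAC-SHA256(key, salt || password).
func hashPassword(key, salt []byte, password string) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(salt) // fixed-length salt keeps the concatenation unambiguous
	mac.Write([]byte(password))
	return mac.Sum(nil)
}

// verifyPassword recomputes the digest and compares it in constant time.
func verifyPassword(key, salt, stored []byte, password string) bool {
	return hmac.Equal(stored, hashPassword(key, salt, password))
}

func main() {
	os.Setenv(keyEnv, "constructed-demo-key-0123456789abcdef") // constructed demo value
	key, keyErr := loadKey()
	salt, saltErr := newSalt()
	if keyErr != nil || saltErr != nil {
		panic("setup failed")
	}
	stored := hashPassword(key, salt, "correct horse") // the database row holds salt + stored only
	fmt.Println(verifyPassword(key, salt, stored, "correct horse"), verifyPassword(key, salt, stored, "guess"))
}
```

A single HMAC-SHA256 pass is fast to compute, so the key's secrecy carries the protection here; a deployment would normally place a deliberately slow password hash underneath it.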
