Thanks everyone, plenty more reading for me! I'm also pleased to discover the increasing binary size isn't being ignored by the team :) especially since I'm also planning some more Go WASM stuff (although currently I switched to Java WASM for exactly this reason for that part of the project).
Also good to know only what I'm using gets linked in, but then the size of 'hello world' is even more surprising. The argon2 looks interesting, but it sounds like it could be very memory heavy. The code I'm porting is running on a PAAS/SAAS setup, and that might have cost implications exceeding the worth of my low value data. But I will also have a look then at the sha3 that was mentioned, now that I know the 'x' stuff is internally produced by the same team! I get the impression from some of the info I'm going through, that since I'm running on hosted systems, which optionally also have encrypted file systems, that some of the brute force defense stuff might be less applicable? ie unless the database is physically stolen from some nuclear bunker somewhere in the world, and decrypted, and my noddy system is deemed worth hacking, it's probably pretty safe already. So the main attack vector would be multiple login attempts, which I can detect fairly easily. for example, 5 failed logins and the account is locked... I was also thinking in this case I could use a client side hash so that the backend system never see's a plain text password. I realise of course that the hash becomes the password, but at least the hosted environments would never see clear text before reaching my hosted hash stuff. ie clients that reuse 123456 for everything :) Anyway plenty for me to think about, thank you everybody. Peter -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
