From 2a1f5e3f8dd4da706dc10c84e30dcbc208108474 Mon Sep 17 00:00:00 2001
From: Amir Zarrinkafsh
Date: Wed, 3 Mar 2021 20:19:28 +1100
Subject: [PATCH] fix(configuration): lower argon2id default memory requirements (#1762)
* fix(configuration): lower argon2id default memory requirements
The current default hashing value of 1024MB (1GB) is far too aggressive to cover all use cases. Reducing this number and encouraging users to to read the documentation and tune will result in less issues and a better user experience.
* test: fix broken tests
---
docs/configuration/authentication/file.md | 6 +++---
internal/authentication/password_hash_test.go | 4 ++--
internal/configuration/schema/authentication.go | 4 ++--
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/docs/configuration/authentication/file.md b/docs/configuration/authentication/file.md
index a02259646..b0a830ad6 100644
--- a/docs/configuration/authentication/file.md
+++ b/docs/configuration/authentication/file.md
@@ -39,7 +39,7 @@ authentication_backend:
 iterations: 1
 salt_length: 16
 parallelism: 8
- memory: 1024
+ memory: 64
 ```
@@ -108,7 +108,7 @@ Flags:
 -h, --help help for hash-password
 -i, --iterations int set the number of hashing iterations (default 1)
 -k, --key-length int [argon2id] set the key length param (default 32)
- -m, --memory int [argon2id] set the amount of memory param (in MB) (default 1024)
+ -m, --memory int [argon2id] set the amount of memory param (in MB) (default 64)
 -p, --parallelism int [argon2id] set the parallelism param (default 8)
 -s, --salt string set the salt string
 -l, --salt-length int set the auto-generated salt length (default 16)
@@ -199,7 +199,7 @@ parameters below, or for a more in depth understanding see the referenced docume
 #### memory
 - Value Type: Int
 - Possible Value: at least `8` times the value of `parallelism`
- - Recommended: `1024‬‬` (1GB) or as much RAM as you can afford to give to hashing
+ - Recommended: `64` (64MB) or as much RAM as you can afford to give to hashing
 - What it Does: Sets the amount of RAM used in MB for hashing
diff --git a/internal/authentication/password_hash_test.go b/internal/authentication/password_hash_test.go
index 3436e9f29..a95f05b23 100644
--- a/internal/authentication/password_hash_test.go
+++ b/internal/authentication/password_hash_test.go
@@ -38,7 +38,7 @@ func TestShouldHashArgon2idPassword(t *testing.T) {
 assert.NoError(t, err)
 assert.Equal(t, argon2id, code)
 assert.Equal(t, "BpLnfgDsc2WD8F2q", salt)
- assert.Equal(t, "O126GHPeZ5fwj7OLSs7PndXsTbje76R+QW9/EGfhkJg", key)
+ assert.Equal(t, "f+Y+KaS12gkNHN0Llc9kqDZuk1OYvoXj8t+5DcPbgY4", key)
 assert.Equal(t, schema.DefaultCIPasswordConfiguration.Iterations, parameters.GetInt("t", HashingDefaultArgon2idTime))
 assert.Equal(t, schema.DefaultCIPasswordConfiguration.Memory*1024, parameters.GetInt("m", HashingDefaultArgon2idMemory))
 assert.Equal(t, schema.DefaultCIPasswordConfiguration.Parallelism, parameters.GetInt("p", HashingDefaultArgon2idParallelism))
@@ -219,7 +219,7 @@ func TestShouldNotParseArgon2idHashWithWrongKeyLength(t *testing.T) {
 }
 func TestShouldParseArgon2idHash(t *testing.T) {
- passwordHash, err := ParseHash("$argon2id$v=19$m=131072,t=1,p=8$BpLnfgDsc2WD8F2q$G4fD5nJwXHDMS+u0eEMKvU0LF23jxbSmJSxhSLTteHE")
+ passwordHash, err := ParseHash("$argon2id$v=19$m=65536,t=1,p=8$NEwwcVNuQWlQMFpkMndxdg$LlHjiLxPB94pdmOiNwr7Bgy+uy3huSv6y9phCQ+mLls")
 assert.NoError(t, err)
 assert.Equal(t, schema.DefaultCIPasswordConfiguration.Iterations, passwordHash.Iterations)
 assert.Equal(t, schema.DefaultCIPasswordConfiguration.Parallelism, passwordHash.Parallelism)
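Review bot: The replacement digest in `TestShouldHashArgon2idPassword` and the replacement hash string in `TestShouldParseArgon2idHash` are opaque literals that only match while `DefaultCIPasswordConfiguration` stays at m=65536, t=1, p=8, and nothing next to them says so. A short comment above each, for example `// fixture generated with DefaultCIPasswordConfiguration (m=65536,t=1,p=8); regenerate when those defaults change`, would make the next change to the defaults easier to follow. The second hunk also swaps the salt, not only `m` and the key, and the comment should say why if the old salt encoding was the reason. Both test bodies continue outside their hunks, so whether the parsed memory value is asserted as well cannot be seen from here.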
diff --git a/internal/configuration/schema/authentication.go b/internal/configuration/schema/authentication.go
index 15e4a6f8b..56a633c6e 100644
--- a/internal/configuration/schema/authentication.go
+++ b/internal/configuration/schema/authentication.go
@@ -51,7 +51,7 @@ var DefaultPasswordConfiguration = PasswordConfiguration{
 KeyLength: 32,
 SaltLength: 16,
 Algorithm: argon2id,
- Memory: 1024,
+ Memory: 64,
 Parallelism: 8,
 }
@@ -61,7 +61,7 @@ var DefaultCIPasswordConfiguration = PasswordConfiguration{
 KeyLength: 32,
 SaltLength: 16,
 Algorithm: argon2id,
- Memory: 128,
+ Memory: 64,
 Parallelism: 8,
 }
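Review bot: In `DefaultPasswordConfiguration`, lowering `Memory` to 64 without touching the time cost leaves the shipped default weaker than the memory-constrained Argon2id profile in RFC 9106, which pairs 64 MiB with three passes rather than one. The `Iterations` field sits above this hunk, but the docs example and the `hash-password` help text in this same commit both show a default of 1. I would either raise `Iterations` alongside this change (the test fixtures would need regenerating) or add a comment here such as `// 64MB avoids OOM on small hosts; tune memory and iterations upward per the file backend docs`. Hashes already stored at the old 1024 MB setting presumably keep that verification cost until they are rehashed, because the parameters are carried in the hash string, and neither the commit message nor the docs change mentions this. The `DefaultCIPasswordConfiguration` hunk below now carries the same `Memory` literal, so a one-line comment there on what still distinguishes the CI defaults would help.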