fix(configuration): lower argon2id default memory requirements (#1762)

* fix(configuration): lower argon2id default memory requirements

The current default hashing value of 1024MB (1GB) is far too aggressive to cover all use cases.
Reducing this number and encouraging users to read the documentation and tune will result in fewer issues and a better user experience.

* test: fix broken tests
Amir Zarrinkafsh 2021-03-03 20:19:28 +11:00 committed by GitHub
parent f24ec3989a
commit 2a1f5e3f8d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 7 deletions


@ -39,7 +39,7 @@ authentication_backend:
iterations: 1
salt_length: 16
parallelism: 8
memory: 1024
memory: 64
```
@ -108,7 +108,7 @@ Flags:
-h, --help help for hash-password
-i, --iterations int set the number of hashing iterations (default 1)
-k, --key-length int [argon2id] set the key length param (default 32)
-m, --memory int [argon2id] set the amount of memory param (in MB) (default 1024)
-m, --memory int [argon2id] set the amount of memory param (in MB) (default 64)
-p, --parallelism int [argon2id] set the parallelism param (default 8)
-s, --salt string set the salt string
-l, --salt-length int set the auto-generated salt length (default 16)
@ -199,7 +199,7 @@ parameters below, or for a more in depth understanding see the referenced docume
#### memory
- Value Type: Int
- Possible Value: at least `8` times the value of `parallelism`
- Recommended: `1024` (1GB) or as much RAM as you can afford to give to hashing
- Recommended: `64` (64MB) or as much RAM as you can afford to give to hashing
- What it Does: Sets the amount of RAM used in MB for hashing


@ -38,7 +38,7 @@ func TestShouldHashArgon2idPassword(t *testing.T) {
assert.NoError(t, err)
assert.Equal(t, argon2id, code)
assert.Equal(t, "BpLnfgDsc2WD8F2q", salt)
assert.Equal(t, "O126GHPeZ5fwj7OLSs7PndXsTbje76R+QW9/EGfhkJg", key)
assert.Equal(t, "f+Y+KaS12gkNHN0Llc9kqDZuk1OYvoXj8t+5DcPbgY4", key)
assert.Equal(t, schema.DefaultCIPasswordConfiguration.Iterations, parameters.GetInt("t", HashingDefaultArgon2idTime))
assert.Equal(t, schema.DefaultCIPasswordConfiguration.Memory*1024, parameters.GetInt("m", HashingDefaultArgon2idMemory))
assert.Equal(t, schema.DefaultCIPasswordConfiguration.Parallelism, parameters.GetInt("p", HashingDefaultArgon2idParallelism))
@ -219,7 +219,7 @@ func TestShouldNotParseArgon2idHashWithWrongKeyLength(t *testing.T) {
}
func TestShouldParseArgon2idHash(t *testing.T) {
passwordHash, err := ParseHash("$argon2id$v=19$m=131072,t=1,p=8$BpLnfgDsc2WD8F2q$G4fD5nJwXHDMS+u0eEMKvU0LF23jxbSmJSxhSLTteHE")
passwordHash, err := ParseHash("$argon2id$v=19$m=65536,t=1,p=8$NEwwcVNuQWlQMFpkMndxdg$LlHjiLxPB94pdmOiNwr7Bgy+uy3huSv6y9phCQ+mLls")
assert.NoError(t, err)
assert.Equal(t, schema.DefaultCIPasswordConfiguration.Iterations, passwordHash.Iterations)
assert.Equal(t, schema.DefaultCIPasswordConfiguration.Parallelism, passwordHash.Parallelism)
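Review bot: TestShouldParseArgon2idHash now parses only a hash whose `m=65536` matches the new default, so nothing in the visible lines shows that ParseHash still accepts hashes written under the previous defaults. User databases hashed before this change carry `m=1048576` (1024 MB, per the `Memory*1024` conversion asserted in TestShouldHashArgon2idPassword), and those must keep verifying after the upgrade. Consider keeping a second case with a non-default `m` and asserting on the parsed value itself rather than on `schema.DefaultCIPasswordConfiguration`. The function body continues past the hunk, so a Memory assertion may already exist below.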


@ -51,7 +51,7 @@ var DefaultPasswordConfiguration = PasswordConfiguration{
KeyLength: 32,
SaltLength: 16,
Algorithm: argon2id,
Memory: 1024,
Memory: 64,
Parallelism: 8,
}
@ -61,7 +61,7 @@ var DefaultCIPasswordConfiguration = PasswordConfiguration{
KeyLength: 32,
SaltLength: 16,
Algorithm: argon2id,
Memory: 128,
Memory: 64,
Parallelism: 8,
}
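Review bot: With `Memory: 64` in DefaultPasswordConfiguration, the default work factor drops sharply unless the iteration count is raised with it; the documentation hunk in this commit still shows `iterations: 1`, and the Iterations field of this literal sits above the hunk, so its value is not visible here. RFC 9106's memory-constrained Argon2id profile pairs 64 MiB with t=3, so consider raising the default iterations alongside this change. Failing that, document the trade-off on the Memory line, for example `// 64 MB keeps small hosts usable; raise memory and iterations where hardware allows`. DefaultCIPasswordConfiguration now carries the same Memory value, so the two literals differ only in fields outside the hunk, if at all.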