mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
fix(configuration): lower argon2id default memory requirements (#1762)
* fix(configuration): lower argon2id default memory requirements The current default hashing value of 1024MB (1GB) is far too aggressive to cover all use cases. Reducing this number and encouraging users to read the documentation and tune will result in fewer issues and a better user experience. * test: fix broken tests
parent
f24ec3989a
commit
2a1f5e3f8d
|
@ -39,7 +39,7 @@ authentication_backend:
|
||||||
iterations: 1
|
iterations: 1
|
||||||
salt_length: 16
|
salt_length: 16
|
||||||
parallelism: 8
|
parallelism: 8
|
||||||
memory: 1024
|
memory: 64
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
@ -108,7 +108,7 @@ Flags:
|
||||||
-h, --help help for hash-password
|
-h, --help help for hash-password
|
||||||
-i, --iterations int set the number of hashing iterations (default 1)
|
-i, --iterations int set the number of hashing iterations (default 1)
|
||||||
-k, --key-length int [argon2id] set the key length param (default 32)
|
-k, --key-length int [argon2id] set the key length param (default 32)
|
||||||
-m, --memory int [argon2id] set the amount of memory param (in MB) (default 1024)
|
-m, --memory int [argon2id] set the amount of memory param (in MB) (default 64)
|
||||||
-p, --parallelism int [argon2id] set the parallelism param (default 8)
|
-p, --parallelism int [argon2id] set the parallelism param (default 8)
|
||||||
-s, --salt string set the salt string
|
-s, --salt string set the salt string
|
||||||
-l, --salt-length int set the auto-generated salt length (default 16)
|
-l, --salt-length int set the auto-generated salt length (default 16)
|
||||||
|
@ -199,7 +199,7 @@ parameters below, or for a more in depth understanding see the referenced docume
|
||||||
#### memory
|
#### memory
|
||||||
- Value Type: Int
|
- Value Type: Int
|
||||||
- Possible Value: at least `8` times the value of `parallelism`
|
- Possible Value: at least `8` times the value of `parallelism`
|
||||||
- Recommended: `1024` (1GB) or as much RAM as you can afford to give to hashing
|
- Recommended: `64` (64MB) or as much RAM as you can afford to give to hashing
|
||||||
- What it Does: Sets the amount of RAM used in MB for hashing
|
- What it Does: Sets the amount of RAM used in MB for hashing
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -38,7 +38,7 @@ func TestShouldHashArgon2idPassword(t *testing.T) {
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Equal(t, argon2id, code)
|
assert.Equal(t, argon2id, code)
|
||||||
assert.Equal(t, "BpLnfgDsc2WD8F2q", salt)
|
assert.Equal(t, "BpLnfgDsc2WD8F2q", salt)
|
||||||
assert.Equal(t, "O126GHPeZ5fwj7OLSs7PndXsTbje76R+QW9/EGfhkJg", key)
|
assert.Equal(t, "f+Y+KaS12gkNHN0Llc9kqDZuk1OYvoXj8t+5DcPbgY4", key)
|
||||||
assert.Equal(t, schema.DefaultCIPasswordConfiguration.Iterations, parameters.GetInt("t", HashingDefaultArgon2idTime))
|
assert.Equal(t, schema.DefaultCIPasswordConfiguration.Iterations, parameters.GetInt("t", HashingDefaultArgon2idTime))
|
||||||
assert.Equal(t, schema.DefaultCIPasswordConfiguration.Memory*1024, parameters.GetInt("m", HashingDefaultArgon2idMemory))
|
assert.Equal(t, schema.DefaultCIPasswordConfiguration.Memory*1024, parameters.GetInt("m", HashingDefaultArgon2idMemory))
|
||||||
assert.Equal(t, schema.DefaultCIPasswordConfiguration.Parallelism, parameters.GetInt("p", HashingDefaultArgon2idParallelism))
|
assert.Equal(t, schema.DefaultCIPasswordConfiguration.Parallelism, parameters.GetInt("p", HashingDefaultArgon2idParallelism))
|
||||||
|
@ -219,7 +219,7 @@ func TestShouldNotParseArgon2idHashWithWrongKeyLength(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestShouldParseArgon2idHash(t *testing.T) {
|
func TestShouldParseArgon2idHash(t *testing.T) {
|
||||||
passwordHash, err := ParseHash("$argon2id$v=19$m=131072,t=1,p=8$BpLnfgDsc2WD8F2q$G4fD5nJwXHDMS+u0eEMKvU0LF23jxbSmJSxhSLTteHE")
|
passwordHash, err := ParseHash("$argon2id$v=19$m=65536,t=1,p=8$NEwwcVNuQWlQMFpkMndxdg$LlHjiLxPB94pdmOiNwr7Bgy+uy3huSv6y9phCQ+mLls")
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Equal(t, schema.DefaultCIPasswordConfiguration.Iterations, passwordHash.Iterations)
|
assert.Equal(t, schema.DefaultCIPasswordConfiguration.Iterations, passwordHash.Iterations)
|
||||||
assert.Equal(t, schema.DefaultCIPasswordConfiguration.Parallelism, passwordHash.Parallelism)
|
assert.Equal(t, schema.DefaultCIPasswordConfiguration.Parallelism, passwordHash.Parallelism)
|
||||||
|
|
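Review bot: The expected key literal in TestShouldHashArgon2idPassword is tied to the values in DefaultCIPasswordConfiguration with nothing in the test saying so, which is why it had to be replaced by hand in this commit. A comment above that assertion, for example `// expected key depends on DefaultCIPasswordConfiguration (m=64 MB, t=1, p=8); regenerate it when those defaults change`, would tell the next person who tunes the CI parameters why the test fails and that the literal is a regenerated vector rather than a regression. The function body starts and ends outside the hunk, so the password and the call that produce `key` are not visible here.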
|
@ -51,7 +51,7 @@ var DefaultPasswordConfiguration = PasswordConfiguration{
|
||||||
KeyLength: 32,
|
KeyLength: 32,
|
||||||
SaltLength: 16,
|
SaltLength: 16,
|
||||||
Algorithm: argon2id,
|
Algorithm: argon2id,
|
||||||
Memory: 1024,
|
Memory: 64,
|
||||||
Parallelism: 8,
|
Parallelism: 8,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -61,7 +61,7 @@ var DefaultCIPasswordConfiguration = PasswordConfiguration{
|
||||||
KeyLength: 32,
|
KeyLength: 32,
|
||||||
SaltLength: 16,
|
SaltLength: 16,
|
||||||
Algorithm: argon2id,
|
Algorithm: argon2id,
|
||||||
Memory: 128,
|
Memory: 64,
|
||||||
Parallelism: 8,
|
Parallelism: 8,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
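Review bot: Dropping `Memory` from 1024 to 64 in DefaultPasswordConfiguration leaves the shipped default at a single Argon2id pass over 64 MB, assuming Iterations is still 1 as the documentation hunks in this commit show (`iterations: 1`); the Iterations field itself lies above this hunk. RFC 9106's memory-constrained profile pairs 64 MiB with t=3, so consider raising the default Iterations in the same change, or have the docs say that 64 is a starting floor to tune upward rather than a recommendation. The unit is also implicit in the literal; a field comment such as `Memory: 64, // MB; multiplied by 1024 into Argon2's KiB m parameter` would match what the test asserts with `Memory*1024`. Hashes already stored under the old default carry their own `m=` value, so whether they are re-hashed with the new parameters on login should be confirmed outside this diff.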