summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArthur Schiwon <blizzz@arthur-schiwon.de>2020-01-20 18:11:00 +0100
committerArthur Schiwon <blizzz@arthur-schiwon.de>2020-01-20 18:21:50 +0100
commit171bb982290b300edb9997948c2a11b3f4ba5d3e (patch)
treea2828b402aa68f1717cc50ae202f97b3fe9c62f3
parentddf6942d90097b909edac07513bb95c7107b9f4c (diff)
downloadnextcloud-server-171bb982290b300edb9997948c2a11b3f4ba5d3e.tar.gz
nextcloud-server-171bb982290b300edb9997948c2a11b3f4ba5d3e.zip
expose Argon2 options (as we did for bcrypt)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
-rw-r--r--config/config.sample.php25
-rw-r--r--lib/private/Security/Hasher.php6
2 files changed, 31 insertions, 0 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index 0122199db30..0daa0f93102 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -1434,6 +1434,31 @@ $CONFIG = array(
'tempdirectory' => '/tmp/nextcloudtemp',
/**
+ * Hashing
+ *
+ * Nextcloud uses the Argon2 algorithm (with PHP >= 7.2) to create hashes by its
+ * own and exposes its configuration options as following. More information can
+ * be found at: https://www.php.net/manual/en/function.password-hash.php
+ */
+
+/**
+ * The allowed maximum memory to be used by the algorithm for computing a hash.
+ */
+'hashingMemoryCost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
+
+/**
+ * The allowed maximum time that can be used by the algorithm for computing a
+ * hash.
+ */
+'hashingTimeCost' => PASSWORD_ARGON2_DEFAULT_TIME_COST,
+
+/**
+ * The allowed number of CPU threads that can be used by the algorithm for
+ * computing a hash.
+ */
+'hashingThreads' => PASSWORD_ARGON2_DEFAULT_THREADS,
+
+/**
* The hashing cost used by hashes generated by Nextcloud
* Using a higher value requires more time and CPU power to calculate the hashes
*/
diff --git a/lib/private/Security/Hasher.php b/lib/private/Security/Hasher.php
index dc7704cdcb7..1c5a691455b 100644
--- a/lib/private/Security/Hasher.php
+++ b/lib/private/Security/Hasher.php
@@ -63,6 +63,12 @@ class Hasher implements IHasher {
public function __construct(IConfig $config) {
$this->config = $config;
+ $this->options = [
+ 'memory_cost' => (int)$this->config->getSystemValue('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST),
+ 'time_cost' => (int)$this->config->getSystemValue('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST),
+ 'threads' => (int)$this->config->getSystemValue('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS),
+ ];
+
$hashingCost = $this->config->getSystemValue('hashingCost', null);
if(!\is_null($hashingCost)) {
$this->options['cost'] = $hashingCost;