diff options
author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2020-01-20 18:11:00 +0100 |
---|---|---|
committer | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2020-01-20 18:21:50 +0100 |
commit | 171bb982290b300edb9997948c2a11b3f4ba5d3e (patch) | |
tree | a2828b402aa68f1717cc50ae202f97b3fe9c62f3 | |
parent | ddf6942d90097b909edac07513bb95c7107b9f4c (diff) | |
download | nextcloud-server-171bb982290b300edb9997948c2a11b3f4ba5d3e.tar.gz nextcloud-server-171bb982290b300edb9997948c2a11b3f4ba5d3e.zip |
expose Argon2 options (as we did for bcrypt)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
-rw-r--r-- | config/config.sample.php | 25 | ||||
-rw-r--r-- | lib/private/Security/Hasher.php | 6 |
2 files changed, 31 insertions, 0 deletions
diff --git a/config/config.sample.php b/config/config.sample.php index 0122199db30..0daa0f93102 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -1434,6 +1434,31 @@ $CONFIG = array( 'tempdirectory' => '/tmp/nextcloudtemp', /** + * Hashing + * + * Nextcloud uses the Argon2 algorithm (with PHP >= 7.2) to create hashes by its + * own and exposes its configuration options as following. More information can + * be found at: https://www.php.net/manual/en/function.password-hash.php + */ + +/** + * The allowed maximum memory to be used by the algorithm for computing a hash. + */ +'hashingMemoryCost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST, + +/** + * The allowed maximum time that can be used by the algorithm for computing a + * hash. + */ +'hashingTimeCost' => PASSWORD_ARGON2_DEFAULT_TIME_COST, + +/** + * The allowed number of CPU threads that can be used by the algorithm for + * computing a hash. + */ +'hashingThreads' => PASSWORD_ARGON2_DEFAULT_THREADS, + +/** * The hashing cost used by hashes generated by Nextcloud * Using a higher value requires more time and CPU power to calculate the hashes */ diff --git a/lib/private/Security/Hasher.php b/lib/private/Security/Hasher.php index dc7704cdcb7..1c5a691455b 100644 --- a/lib/private/Security/Hasher.php +++ b/lib/private/Security/Hasher.php @@ -63,6 +63,12 @@ class Hasher implements IHasher { public function __construct(IConfig $config) { $this->config = $config; + $this->options = [ + 'memory_cost' => (int)$this->config->getSystemValue('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST), + 'time_cost' => (int)$this->config->getSystemValue('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST), + 'threads' => (int)$this->config->getSystemValue('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS), + ]; + $hashingCost = $this->config->getSystemValue('hashingCost', null); if(!\is_null($hashingCost)) { $this->options['cost'] = $hashingCost; |