diff options
| author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2020-01-20 18:11:00 +0100 |
|---|---|---|
| committer | Backportbot <backportbot-noreply@rullzer.com> | 2020-01-23 10:48:42 +0000 |
| commit | 42756b46555a0dc056b0709d563347beb050bb02 (patch) | |
| tree | 0dc68fa70fd1041cc2697f7e4588298529df7f68 | |
| parent | c9d852ade23e8cf61feae355215c4c150f7d0c99 (diff) | |
| download | nextcloud-server-42756b46555a0dc056b0709d563347beb050bb02.tar.gz nextcloud-server-42756b46555a0dc056b0709d563347beb050bb02.zip | |
expose Argon2 options (as we did for bcrypt)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
| -rw-r--r-- | config/config.sample.php | 25 | ||||
| -rw-r--r-- | lib/private/Security/Hasher.php | 6 |
2 files changed, 31 insertions, 0 deletions
diff --git a/config/config.sample.php b/config/config.sample.php index b2b9f76eb65..96b42d333d1 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -1434,6 +1434,31 @@ $CONFIG = array( 'tempdirectory' => '/tmp/nextcloudtemp', /** + * Hashing + * + * Nextcloud uses the Argon2 algorithm (with PHP >= 7.2) to create hashes by its + * own and exposes its configuration options as following. More information can + * be found at: https://www.php.net/manual/en/function.password-hash.php + */ + +/** + * The allowed maximum memory to be used by the algorithm for computing a hash. + */ +'hashingMemoryCost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST, + +/** + * The allowed maximum time that can be used by the algorithm for computing a + * hash. + */ +'hashingTimeCost' => PASSWORD_ARGON2_DEFAULT_TIME_COST, + +/** + * The allowed number of CPU threads that can be used by the algorithm for + * computing a hash. + */ +'hashingThreads' => PASSWORD_ARGON2_DEFAULT_THREADS, + +/** * The hashing cost used by hashes generated by Nextcloud * Using a higher value requires more time and CPU power to calculate the hashes */ diff --git a/lib/private/Security/Hasher.php b/lib/private/Security/Hasher.php index dc7704cdcb7..1c5a691455b 100644 --- a/lib/private/Security/Hasher.php +++ b/lib/private/Security/Hasher.php @@ -63,6 +63,12 @@ class Hasher implements IHasher { public function __construct(IConfig $config) { $this->config = $config; + $this->options = [ + 'memory_cost' => (int)$this->config->getSystemValue('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST), + 'time_cost' => (int)$this->config->getSystemValue('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST), + 'threads' => (int)$this->config->getSystemValue('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS), + ]; + $hashingCost = $this->config->getSystemValue('hashingCost', null); if(!\is_null($hashingCost)) { $this->options['cost'] = $hashingCost; |