summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/config.sample.php31
-rw-r--r--lib/private/Security/Hasher.php14
2 files changed, 45 insertions, 0 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index 0122199db30..e1c62087108 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -1434,6 +1434,37 @@ $CONFIG = array(
'tempdirectory' => '/tmp/nextcloudtemp',
/**
+ * Hashing
+ *
+ * Nextcloud uses the Argon2 algorithm (with PHP >= 7.2) to create hashes by its
+ * own and exposes its configuration options as following. More information can
+ * be found at: https://www.php.net/manual/en/function.password-hash.php
+ */
+
+/**
+ * The allowed maximum memory in KiB to be used by the algorithm for computing a
+ * hash. The smallest possible value is 8. Values that undershoot the minimum
+ * will be ignored in favor of the default.
+ */
+'hashingMemoryCost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
+
+/**
+ * The allowed maximum time in seconds that can be used by the algorithm for
+ * computing a hash. The value must be an integer, and the minimum value is 1.
+ * Values that undershoot the minimum will be ignored in favor of the default.
+ */
+'hashingTimeCost' => PASSWORD_ARGON2_DEFAULT_TIME_COST,
+
+/**
+ * The allowed number of CPU threads that can be used by the algorithm for
+ * computing a hash. The value must be an integer, and the minimum value is 1.
+ * Rationally it does not help to provide a number higher than the available
+ * threads on the machine. Values that undershoot the minimum will be ignored
+ * in favor of the default.
+ */
+'hashingThreads' => PASSWORD_ARGON2_DEFAULT_THREADS,
+
+/**
* The hashing cost used by hashes generated by Nextcloud
* Using a higher value requires more time and CPU power to calculate the hashes
*/
diff --git a/lib/private/Security/Hasher.php b/lib/private/Security/Hasher.php
index dc7704cdcb7..5f8529c7828 100644
--- a/lib/private/Security/Hasher.php
+++ b/lib/private/Security/Hasher.php
@@ -63,6 +63,20 @@ class Hasher implements IHasher {
public function __construct(IConfig $config) {
$this->config = $config;
+ if (\defined('PASSWORD_ARGON2I')) {
+ // password_hash fails, when the minimum values are undershot.
+ // In this case, ignore and revert to default
+ if ($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 8) {
+ $this->options['memory_cost'] = $this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST);
+ }
+ if ($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 1) {
+ $this->options['time_cost'] = $this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST);
+ }
+ if ($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 1) {
+ $this->options['threads'] = $this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS);
+ }
+ }
+
$hashingCost = $this->config->getSystemValue('hashingCost', null);
if(!\is_null($hashingCost)) {
$this->options['cost'] = $hashingCost;