Use argon as default password hash algorithm

[zeripath]

This is a partial repush of #10602

Changes to Password-Based Key Derivation

Currently, Gitea uses pbkdf2 as the default password hashing function. In this pull request, I replace that with argon2 as the default, for the following reasons:

pbkdf2 is uniquely vulnerable to GPU and ASIC-based attacks that argon2 and scrypt are much less vulnerable against.
pbkdf2 is vulnerable to acceleration attacks and to a host of other attacks that argon2 and scrypt are not vulnerable to.
Therefore, given the above and especially given that argon2 is a well-specified, formally studied design that has won the Password Hashing Competition, I think using it as the default instead of pbkdf2 makes complete sense.

Closes #10602

Many thanks to @KAepora for initial PR.

[techknowlogick]

LGTM

Is it worth it to create a migration to update the default value?

[zeripath]

Remember it's a hash. You don't have the original password so you can't write a migration you just have to let people login, test against the old hash and update to the new hash. The only other option is forcibly resetting everyone's password which we could make a doctor command for I guess?

[techknowlogick]

By migration I meant just the default value for the column rather than the content of the column itself, as otherwise the sync2 will update it. Although if we wanted to also update the column content we could have something in login that catches if existing hash is using different algo and update when the user is logging in.

[codecov-commenter]

Codecov Report

Merging #12688 into master will increase coverage by 0.00%.
The diff coverage is 11.81%.

@@           Coverage Diff           @@
##           master   #12688   +/-   ##
=======================================
  Coverage   43.29%   43.29%           
=======================================
  Files         646      645    -1     
  Lines       71592    71560   -32     
=======================================
- Hits        30993    30985    -8     
+ Misses      35583    35554   -29     
- Partials     5016     5021    +5     

Impacted Files	Coverage Δ
models/user.go	53.56% <ø> (-0.20%)	⬇️
modules/graceful/server.go	47.00% <0.00%> (-0.41%)	⬇️
modules/highlight/highlight.go	24.69% <0.00%> (ø)
modules/migrations/gitlab.go	1.04% <0.00%> (-0.10%)	⬇️
modules/session/virtual.go	60.20% <0.00%> (ø)
routers/repo/issue.go	37.51% <0.00%> (-0.03%)	⬇️
modules/migrations/base/downloader.go	17.64% <5.12%> (-5.72%)	⬇️
modules/migrations/github.go	83.36% <100.00%> (-0.41%)	⬇️
modules/migrations/migrate.go	23.95% <100.00%> (-0.46%)	⬇️
modules/setting/setting.go	46.81% <100.00%> (ø)
... and 13 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8fa7a4b...ab8eb84. Read the comment docs.

[bagasme]

What about specific notes for migrating for pbkdf2 to argon? Simply changing app.ini is enough?

[zeripath]

yes simply changing the app.ini is enough.

[silverwind]

Should this have included a migration? I'm seeing these warnings (MariaDB):

2020/09/09 21:21:11 ...rm/session_schema.go:360:Sync2() [W] Table user Column passwd_hash_algo db default is 'pbkdf2', struct default is 'argon2'

[lafriks]

Yeah, this should have migration to change default for column

[zeripath]

Can't change default columns without recreate-table.

[zeripath]

fortunately we now have recreate-table

[zeripath]

so if it's really wanted we could use recreate-table in a migration