From ab32344308e0eb74e0f06a28332170d9fac20a2a Mon Sep 17 00:00:00 2001 From: MichaIng Date: Fri, 9 Oct 2020 20:18:32 +0200 Subject: [PATCH] Fix Argon2 descriptions The threads option for the password_hash function does not define the maximum allowed number of CPU threads to be used by the hashing algorithm but the exact number of threads that is used. Similarly the memory_cost option for the password_hash function does not define the maximum allowed memory to be used by the hashing algorithm, but the exact amount of memory that is used by the hashing table. The minimum value is 8 KiB per thread. The time_cost option for the password_hash function does not define the allowed time in seconds, but the number of iterations for the hash function. If the minimum values are understood, the minimum values are used instead. Signed-off-by: MichaIng --- config/config.sample.php | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/config/config.sample.php b/config/config.sample.php index 2710fbf5fdb5b..1aba6f6381f7f 100644 --- a/config/config.sample.php +++ b/config/config.sample.php 
@@ -1530,27 +1530,26 @@ */ /** - * The allowed maximum memory in KiB to be used by the algorithm for computing a - * hash. The smallest possible value is 8. Values that undershoot the minimum - * will be ignored in favor of the default. + * The number of CPU threads to be used by the algorithm for computing a hash. + * The value must be an integer, and the minimum value is 1. Rationally it does + * not help to provide a number higher than the available threads on the machine. + * Values that undershoot the minimum will be ignored in favor of the minimum. */ -'hashingMemoryCost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST, +'hashingThreads' => PASSWORD_ARGON2_DEFAULT_THREADS, /** - * The allowed maximum time in seconds that can be used by the algorithm for - * computing a hash. The value must be an integer, and the minimum value is 1. - * Values that undershoot the minimum will be ignored in favor of the default. + * The memory in KiB to be used by the algorithm for computing a hash. The value + * must be an integer, and the minimum value is 8 times the number of CPU threads. + * Values that undershoot the minimum will be ignored in favor of the minimum. */ -'hashingTimeCost' => PASSWORD_ARGON2_DEFAULT_TIME_COST, +'hashingMemoryCost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST, /** - * The allowed number of CPU threads that can be used by the algorithm for - * computing a hash. The value must be an integer, and the minimum value is 1. - * Rationally it does not help to provide a number higher than the available - * threads on the machine. Values that undershoot the minimum will be ignored - * in favor of the default. + * The number of iterations that are used by the algorithm for computing a hash. + * The value must be an integer, and the minimum value is 1. Values that + * undershoot the minimum will be ignored in favor of the minimum. 
*/ -'hashingThreads' => PASSWORD_ARGON2_DEFAULT_THREADS, +'hashingTimeCost' => PASSWORD_ARGON2_DEFAULT_TIME_COST, /** * The hashing cost used by hashes generated by Nextcloud
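Review bot: All three rewritten comment blocks now say that values undershooting the minimum are "ignored in favor of the minimum" where the old text said "in favor of the default", but the diffstat shows only config/config.sample.php changed, so nothing in this patch confirms that the code reading hashingThreads, hashingMemoryCost and hashingTimeCost clamps to the minimum rather than falling back to the PASSWORD_ARGON2_DEFAULT_* constants. Please reference the code path that implements this, or include it in the change, because an administrator who sets a low value needs to know which parameters the resulting hashes actually use. In the hashingMemoryCost block, "8 times the number of CPU threads" would be clearer as "8 KiB times the value of hashingThreads", which ties the minimum to the option now documented directly above it. The hashingThreads block could also state outright that this is the exact number of threads used, as the commit message does, since the retained "Rationally it does not help" sentence still reads like an upper limit. Finally, "If the minimum values are understood" in the commit message looks like it was meant to be "undershot".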