Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feat] Allow configuring argon2id parameters #4291

Merged
merged 52 commits into from
Oct 21, 2024
Merged

[feat] Allow configuring argon2id parameters #4291

merged 52 commits into from
Oct 21, 2024

Conversation

elland
Copy link
Contributor

@elland elland commented Oct 10, 2024
edited
Loading

https://wearezeta.atlassian.net/browse/WPB-9746

Checklist

  • Add a new entry in an appropriate subdirectory of changelog.d
  • Read and follow the PR guidelines

@echoes-hq echoes-hq bot added the echoes: technical-roadmap/security More specific category, to highlight task that tackle security requirements. label Oct 10, 2024
@zebot zebot added the ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist label Oct 10, 2024
elland and others added 2 commits October 10, 2024 14:28
@fisx fisx mentioned this pull request Oct 11, 2024
Closed
@elland elland force-pushed the configurable-argon branch from 2360f08 to 1f4d18e Compare October 14, 2024 07:05
elland added 5 commits October 16, 2024 14:35
@elland
brig: Adapt for simplified password hashing options
e0fa88d 
- passwordHashingOptions are no longer optional in settings, expect helm
  chart to have set the right defaults.
- Brig.Provider.DB no longer hashes password, it expects hashed password
  to be passed in. Functions at higher level call HashPassword effect.
  These will eventually move to AuthenticationSubsystem (or something
  similar for providers)
@elland
galley: Allow configuring password hashing options
a3d5bfe
@elland
hack/helm_var: Configure password hashing options for galley
ec11876 
Optimize for test run time, not security.
@elland
brig: Removed debug logging
5ff3b18 
Was here to inspect CI env.
@elland
Lint out redundant language pragma.
50c6685
@akshaymankar akshaymankar changed the title [feat] Make Argon parameters configurable through config options [feat] Allow configuring argon2id parameters Oct 16, 2024
fisx
fisx reviewed Oct 21, 2024
View reviewed changes
services/brig/src/Brig/Provider/API.hs Outdated Show resolved Hide resolved
services/brig/src/Brig/Data/User.hs Outdated Show resolved Hide resolved
libs/wire-api/test/unit/Test/Wire/API/Password.hs Show resolved Hide resolved
changelog.d/2-features/add-config-for-pwd-hash Show resolved Hide resolved
docs/src/developer/reference/config-options.md Show resolved Hide resolved
fisx
fisx reviewed Oct 21, 2024
View reviewed changes
Copy link
Contributor

@fisx fisx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

notes to self:

  • need to review changes to server options more closely?
  • are the settings correct everywhere?
  • do they always match between brig, galley?
  • is the error mapping unchanged whereever possible?

services/brig/src/Brig/User/Auth.hs Show resolved Hide resolved
@elland elland force-pushed the configurable-argon branch from e25a8f1 to 9940aaf Compare October 21, 2024 13:35
@fisx fisx merged commit b94e3c6 into develop Oct 21, 2024
9 of 10 checks passed
@fisx fisx deleted the configurable-argon branch October 21, 2024 15:51
This was referenced Oct 23, 2024
Closed
Closed
@zebot zebot mentioned this pull request Oct 30, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fisx fisx fisx approved these changes

Assignees
No one assigned
Labels
echoes: technical-roadmap/security More specific category, to highlight task that tackle security requirements. ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@elland @fisx @zebot