Feature/client password hashing #4375

Open. Wants to merge 4 commits into devel from feature/client-password-hashing.

Conversation

evilaliv3
Member

@evilaliv3 evilaliv3 commented Jan 12, 2025

This pull request moves password hashing to the client, with the following properties:

  • Key derivation is now performed on the client with 16 steps and a memory requirement of 128MB
  • The backend preserves a sha512 hash of the key in order to perform authentication
  • Users with a previous configuration will be able to perform a first login supported by the backend and will automatically transition into client hashing mode after their first password change
  • Whistleblowers of an existing system with existing reports will continue to need to be supported by the backend with backend key derivation for old and new reports; new systems, systems with no reports, or systems where every existing report has expired will automatically start using client key derivation
  • Proof of work has been re-implemented, replacing sha256 with argon2id with 1 iteration and a 1MB RAM requirement
  • Python base64 encoding has been replaced with nacl.encoding.Base64Encoder, preferring functions designed in the context of cryptographic applications
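The scheme described in the list above (memory-hard key derivation on the client, a sha512 fingerprint of the derived key held by the backend, legacy accounts migrating on their first password change, and a cheap memory-hard proof of work), as an added Python example that is not GlobaLeaks code. Argon2id is not in Python's standard library, so hashlib.scrypt stands in for it here with cost parameters chosen for the demo (the PR's client uses Argon2id with 16 iterations and 128MB, and the proof of work 1 iteration and 1MB); the record layout, function names and the sample challenge are constructed for this example.

```python
"""
Client-side password hashing with a backend that stores only sha512(derived key).

Added example, not GlobaLeaks code. hashlib.scrypt (also memory-hard) stands in
for Argon2id because Argon2 is not in the Python standard library. All names,
parameters and sample values below are constructed for the demonstration.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Union

# Stand-in KDF cost (the real client uses Argon2id, 16 iterations, 128MB).
KDF_N, KDF_R, KDF_P = 2 ** 14, 8, 1     # scrypt: 128 * r * N = 16 MiB


def derive_key(password: str, salt: bytes) -> bytes:
    """Client side: the expensive step. The plaintext password never leaves the client."""
    return hashlib.scrypt(password.encode(), salt=salt, n=KDF_N, r=KDF_R, p=KDF_P, dklen=32)


def key_fingerprint(key: bytes) -> bytes:
    """Backend side: what is persisted. A leaked database yields only sha512(key),
    so an attacker still has to pay the client-side KDF cost per password guess."""
    return hashlib.sha512(key).digest()


@dataclass
class UserRecord:
    salt: bytes
    stored: bytes           # sha512(derived key)
    client_hashing: bool    # False for accounts created before this change


def legacy_create(password: str) -> UserRecord:
    """Pre-migration account: the backend itself derived the key from the password."""
    salt = secrets.token_bytes(16)
    return UserRecord(salt, key_fingerprint(derive_key(password, salt)), client_hashing=False)


def client_create(password: str) -> UserRecord:
    """Post-migration account: the client derives the key, the backend only hashes it."""
    salt = secrets.token_bytes(16)
    key = derive_key(password, salt)          # runs in the browser in the real system
    return UserRecord(salt, key_fingerprint(key), client_hashing=True)


def login(record: UserRecord, credential: Union[str, bytes]) -> bool:
    """Legacy accounts present the plaintext password (backend derives the key);
    migrated accounts present the client-derived key bytes. Constant-time compare."""
    if record.client_hashing:
        key = credential if isinstance(credential, bytes) else b""
    else:
        key = derive_key(credential, record.salt)
    return hmac.compare_digest(key_fingerprint(key), record.stored)


def change_password(record: UserRecord, old_credential: Union[str, bytes],
                    new_password: str) -> Optional[UserRecord]:
    """The first successful password change flips a legacy account into client hashing."""
    if not login(record, old_credential):
        return None
    return client_create(new_password)


# Proof of work: one cheap memory-hard evaluation per attempt (Argon2id, 1 iteration,
# 1MB in the PR). scrypt with N=2**10, r=8 also touches exactly 1 MiB per call.
POW_N, POW_BITS = 2 ** 10, 6        # 6 leading zero bits: ~64 attempts on average


def pow_hash(challenge: bytes, nonce: int) -> bytes:
    return hashlib.scrypt(nonce.to_bytes(8, "big"), salt=challenge, n=POW_N, r=8, p=1, dklen=32)


def pow_verify(challenge: bytes, nonce: int, bits: int = POW_BITS) -> bool:
    """Server side: a single KDF call checks the submitted nonce."""
    return int.from_bytes(pow_hash(challenge, nonce), "big") >> (256 - bits) == 0


def pow_solve(challenge: bytes, bits: int = POW_BITS) -> int:
    """Client side: search nonces until the digest meets the difficulty target."""
    nonce = 0
    while not pow_verify(challenge, nonce, bits):
        nonce += 1
    return nonce


if __name__ == "__main__":
    legacy = legacy_create("old-password")
    migrated = change_password(legacy, "old-password", "new-password")
    print("migrated to client hashing:", migrated.client_hashing)
    print("login with client-derived key:", login(migrated, derive_key("new-password", migrated.salt)))
    challenge = b"constructed-challenge"        # constructed sample value
    print("proof of work nonce:", pow_solve(challenge))
```

The backend never needs the password in either path once an account has migrated; the only secret it compares against is sha512 of a key that already cost the client a memory-hard derivation. In the legacy path the backend still performs the derivation itself, which is exactly the load this change moves to the client.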

@evilaliv3 evilaliv3 requested a review from a team as a code owner January 12, 2025 20:53

codacy-production bot commented Jan 12, 2025

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation: -12.10% (target: -0.10%)    Diff coverage: 79.58% (target: 70.00%)

Coverage variation details
                                    Coverable lines   Covered lines          Coverage
  Common ancestor commit (2a1a9ec)            19234           16089            83.65%
  Head commit (ffc853b)              43590 (+24356)  31186 (+15097)  71.54% (-12.10%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
                        Coverable lines   Covered lines   Diff coverage
  Pull request (#4375)              480             382          79.58%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%


@evilaliv3
Member Author

@msmannan00 : when you like please feel free to proceed with the review of this pull request as well! thank you

@evilaliv3 evilaliv3 requested a review from msmannan00 January 12, 2025 20:55
@evilaliv3 evilaliv3 force-pushed the feature/client-password-hashing branch from d8f4db0 to ba8bfc3 Compare January 12, 2025 21:06
@evilaliv3 evilaliv3 changed the base branch from stable to devel January 12, 2025 21:06
@evilaliv3 evilaliv3 force-pushed the feature/client-password-hashing branch 3 times, most recently from 1ca8b94 to 1d7e0e1 Compare January 17, 2025 20:38
@evilaliv3 evilaliv3 force-pushed the devel branch 3 times, most recently from 7f823c4 to 2a1a9ec Compare January 18, 2025 16:02
evilaliv3 and others added 4 commits January 18, 2025 17:02
Co-authored-by: Giovanni Pellerano <[email protected]>
Co-authored-by: عبدالمنان <[email protected]>
- computation of argon2 for password hashing
- computation of argon2 for renewed proof of work
- future crypto duties
@evilaliv3 evilaliv3 force-pushed the feature/client-password-hashing branch from 1d7e0e1 to ffc853b Compare January 18, 2025 16:34