author | BlackDex <[email protected]> | 2023-02-28 23:09:51 +0100 |
---|---|---|
committer | BlackDex <[email protected]> | 2023-03-04 16:15:30 +0100 |
commit | de157b26543172fe48aa44af578e229b1db65475 (patch) | |
tree | 0344a62b1cee699842c02195840aaebed966f51f /Cargo.lock | |
parent | 337cbfaf22ee28316ea09e859be0527416fe7da5 (diff) | |
download | vaultwarden-de157b26543172fe48aa44af578e229b1db65475.tar.gz vaultwarden-de157b26543172fe48aa44af578e229b1db65475.zip |
Admin token Argon2 hashing support
Added support for Argon2 hashing for the `ADMIN_TOKEN` instead
of only supporting a plain text string.
The hash must be a PHC string which can be generated via the `argon2`
CLI **or** via the hash command that is also built into Vaultwarden.
You can simply run `vaultwarden hash` to generate a hash based upon a
password the user provides themselves.
Added a warning during startup and within the admin settings panel if
the `ADMIN_TOKEN` is not an Argon2 hash.
Within the admin environment a user can ignore that warning and it will
not be shown for at least 30 days. After that the warning will appear
again unless the `ADMIN_TOKEN` has been converted to an Argon2 hash.
I have also tested this on my RaspberryPi 2b and there the `Bitwarden`
preset takes almost 4.5 seconds to generate/verify the Argon2 hash.
Using the `OWASP` preset it is below 1 second, which I think should be
fine for low-end hardware. If it is needed people could use lower
memory settings, but in those cases I even doubt Vaultwarden itself
would run. They can always use the `argon2` CLI and generate a faster hash.
Diffstat (limited to 'Cargo.lock')
-rw-r--r-- | Cargo.lock | 60 |
1 files changed, 60 insertions, 0 deletions
@@ -86,6 +86,17 @@ dependencies = [ ] [[package]] +name = "argon2" +version = "0.5.0-pre.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0efde6c15a373abaefe544ddae9fc024eac3073798ba0c40043fd655f3535eb8" +dependencies = [ + "base64ct", + "blake2", + "password-hash", +] + +[[package]] name = "async-channel" version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -325,6 +336,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a4a4ddaa51a5bc52a6948f74c06d20aaaddb71924eab79b8c97a8c556e942d6a" [[package]] +name = "base64ct" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" + +[[package]] name = "binascii" version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -337,6 +354,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] +name = "blake2" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" +dependencies = [ + "digest", +] + +[[package]] name = "block-buffer" version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -2007,6 +2033,17 @@ dependencies = [ ] [[package]] +name = "password-hash" +version = "0.5.0-pre.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4d9d7f72dbf886af2c2a8d4a2ddfb4eea37e4d77ea3bde49f79af7c577e37908" +dependencies = [ + "base64ct", + "rand_core", + "subtle", +] + +[[package]] name = "paste" version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -2586,6 +2623,27 @@ dependencies = [ ] [[package]] +name = "rpassword" +version = "7.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6678cf63ab3491898c0d021b493c94c9b221d91295294a2a5746eacbe5928322" +dependencies = [ + "libc", + "rtoolbox", + "winapi", +] + +[[package]] +name = "rtoolbox" +version = "0.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "034e22c514f5c0cb8a10ff341b9b048b5ceb21591f31c8f44c43b960f9b3524a" +dependencies = [ + "libc", + "winapi", +] + +[[package]] name = "rustc-demangle" version = "0.1.21" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -3425,6 +3483,7 @@ dependencies = [ name = "vaultwarden" version = "1.0.0" dependencies = [ + "argon2", "backtrace", "bytes", "cached", @@ -3464,6 +3523,7 @@ dependencies = [ "ring", "rmpv", "rocket", + "rpassword", "semver", "serde", "serde_json", |