From 6c0f8ca95579e3b311813cdf6777c5f64c271b94 Mon Sep 17 00:00:00 2001
From: Minecon724
Date: Wed, 2 Apr 2025 15:27:27 +0200
Subject: [PATCH] Tweak argon2 settings

---
 src/anonchat/__init__.py | 7 ++++++-
 src/anonchat/models.py   | 8 ++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/anonchat/__init__.py b/src/anonchat/__init__.py
index 7e383ba..7a00076 100644
--- a/src/anonchat/__init__.py
+++ b/src/anonchat/__init__.py
@@ -46,7 +46,12 @@ elif app.config['SESSION_TYPE'] == 'filesystem':
     app.config['SESSION_KEY_PREFIX'] = 'anonchat_session:'
 
 # Initialize password hasher
-password_hasher = PasswordHasher()
+# Parameters source: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id
+password_hasher = PasswordHasher(
+    time_cost=2,
+    memory_cost=19456,
+    parallelism=1
+)
 
 # Initialize session with Redis storage
 Session(app)
diff --git a/src/anonchat/models.py b/src/anonchat/models.py
index 75f43af..77aa6f7 100644
--- a/src/anonchat/models.py
+++ b/src/anonchat/models.py
@@ -32,10 +32,18 @@ class Admin(db.Model):
         """Hash a password using Argon2id"""
         return password_hasher.hash(password)
 
+    def rehash_password(self, password):
+        """Rehash a password using Argon2id"""
+        self.password_hash = self.hash_password(password)
+        db.session.add(self)
+        db.session.commit()
+
     def verify_password(self, password):
         """Verify a password against the stored hash"""
         try:
             password_hasher.verify(self.password_hash, password)
+            if password_hasher.check_needs_rehash(self.password_hash):
+                self.rehash_password(password)
             return True
         except argon2.exceptions.VerifyMismatchError:
             return False
\ No newline at end of file
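Review bot: The three values passed at `PasswordHasher(time_cost=2, memory_cost=19456, parallelism=1)` are the OWASP minimum configuration (19 MiB, t=2, p=1), and if I recall argon2-cffi's current defaults correctly (t=3, m=65536, p=4 since 21.2.0) this lowers the work factor relative to the library default rather than raising it, so the comment should state the motivation (e.g. per-request memory in the web workers) rather than only the source, or a later reader will take it for a hardening. Because `check_needs_rehash` compares stored hashes against exactly these parameters, every existing Admin hash produced under the old defaults will be rewritten on the next successful login, which is presumably what the models.py hunk is for and is worth saying here, e.g. `# Changing these triggers a transparent rehash of existing admins on next login (see Admin.verify_password)`. Consider naming the values as module constants or reading them from `app.config` so the cost can be raised per deployment without a code change.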
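Review bot: The new `self.rehash_password(password)` call sits inside the `try` that guards `verify`, so a database error raised by `rehash_password`'s `db.session.commit()` propagates out of `verify_password` and turns a correct password into a request failure, and it leaves the session needing a `rollback()`; the rehash is a best-effort upgrade and should not decide the login outcome. Moving the check after the verify block and isolating its failure keeps `verify_password` returning a boolean in both cases; `rehash_password`'s docstring should also say that it commits the session, since that side effect is not visible from the name. `db.session.add(self)` in `rehash_password` is redundant for an instance already loaded from the session, though harmless. The enclosing `class Admin` starts before this hunk.
```python
    def verify_password(self, password):
        """Verify a password against the stored hash.

        On success, a hash made with weaker-than-current parameters is
        transparently upgraded; a failed upgrade never affects the result.
        """
        try:
            password_hasher.verify(self.password_hash, password)
        except argon2.exceptions.VerifyMismatchError:
            return False
        # Kept outside the verify try-block so a DB error here is not
        # confused with a bad password and does not hide a successful verify.
        if password_hasher.check_needs_rehash(self.password_hash):
            try:
                self.rehash_password(password)
            except Exception:
                db.session.rollback()  # best-effort upgrade; TODO: log the failure
        return True
```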