m724/anonsubmit
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Tweak argon2 settings

Browse source
This commit is contained in:
Minecon724 2025-04-02 15:27:27 +02:00
commit 6c0f8ca955
Signed by untrusted user who does not match committer: m724
GPG key ID: A02E6E67AB961189
2 changed files with 14 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/anonchat/__init__.py
View file

@ -46,7 +46,12 @@ elif app.config['SESSION_TYPE'] == 'filesystem':
app.config['SESSION_KEY_PREFIX'] = 'anonchat_session:' app.config['SESSION_KEY_PREFIX'] = 'anonchat_session:'
# Initialize password hasher # Initialize password hasher
password_hasher = PasswordHasher() # Parameters source: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id
password_hasher = PasswordHasher(
time_cost=2,
memory_cost=19456,
parallelism=1
)
# Initialize session with Redis storage # Initialize session with Redis storage
Session(app) Session(app)

8
src/anonchat/models.py
View file

@ -32,10 +32,18 @@ class Admin(db.Model):
"""Hash a password using Argon2id""" """Hash a password using Argon2id"""
return password_hasher.hash(password) return password_hasher.hash(password)
def rehash_password(self, password):
"""Rehash a password using Argon2id"""
self.password_hash = self.hash_password(password)
db.session.add(self)
db.session.commit()
def verify_password(self, password): def verify_password(self, password):
"""Verify a password against the stored hash""" """Verify a password against the stored hash"""
try: try:
password_hasher.verify(self.password_hash, password) password_hasher.verify(self.password_hash, password)
if password_hasher.check_needs_rehash(self.password_hash):
self.rehash_password(password)
return True return True
except argon2.exceptions.VerifyMismatchError: except argon2.exceptions.VerifyMismatchError:
return False return False