This repository has been archived by the owner on Feb 3, 2023. It is now read-only.
Fast passphrase hashing #1986
Merged
Fast passphrase hashing #1986
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
thedavidmeister
approved these changes
Dec 17, 2019
neonphog
approved these changes
Dec 17, 2019
There was a problem hiding this comment.
I'm cool with this so long as we have some presence in the tree for fixing it in the future. Couple thoughts:
- Even in secure mode, this shouldn't be taking so long - is it still doing a hash for every agent_id? We need the keystore to just do the password hash once per conductor and then use that shared key to do crypto on the subkeys
- At some point, we may actually want a separate system service that can act as the keystore "vault" for a system, that will actually only do the password hashing once for a whole system, and multiple conductors.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PR summary
Use the test config for the password hash to make it much faster.
The default config for the passphrase hashing is set to super-secure: the hashing algorithm is designed to take a serious amount of resources to prevent attacks against the keys if an attacker got hold of the encrypted keys but not the passphrase.
The problem with this is: starting Holoscape takes a long time. On slow machines it will trigger the 60 seconds timeout which then shows an error and opens the logs.
Note:
This is a breaking-change since it will break keys/passphrases: you can't decrypt a key that was created with the old config when starting a new conductor - the new hash config will result in a different hash.
This means users have to re-create keys with the new version this change gets in.
testing/benchmarking notes
Tried in Holoscape: makes booting and installing hApps much faster since decrypting keys is the most time consuming task in both workflows.
followups
Ultimately we should find the right balance of security and usability. But for now, as long as we are in alpha at least, we can configure the passphrase hashing to be very simple.
changelog
documentation