Fast passphrase hashing #1986

Merged
merged 3 commits into from Dec 17, 2019

@lucksus
Member

lucksus commented Dec 17, 2019

PR summary

Use the test config for the password hash to make it much faster.

The default config for the passphrase hashing is set to super-secure: the hashing algorithm is designed to take a serious amount of resources to prevent attacks against the keys if an attacker got hold of the encrypted keys but not the passphrase.

The problem with this is: starting Holoscape takes a long time. On slow machines it will trigger the 60-second timeout, which then shows an error and opens the logs.

Note:
This is a breaking change since it will break keys/passphrases: you can't decrypt a key that was created with the old config when starting a new conductor - the new hash config will result in a different hash.

This means users have to re-create keys with the new version this change gets in.

testing/benchmarking notes

Tried in Holoscape: makes booting and installing hApps much faster since decrypting keys is the most time-consuming task in both workflows.

followups

Ultimately we should find the right balance of security and usability. But for now, as long as we are in alpha at least, we can configure the passphrase hashing to be very simple.

changelog

  • if this is a code change that affects some consumer (e.g. zome developers) of holochain core, then it has been added to our between-release changelog with the format
- summary of change [PR#1234](https://github.com/holochain/holochain-rust/pull/1234)

documentation

@lucksus lucksus requested a review from neonphog Dec 17, 2019
Contributor

thedavidmeister left a comment

approved given that we are still testing things

Contributor

neonphog left a comment

I'm cool with this so long as we have some presence in the tree for fixing it in the future. Couple thoughts:

  • Even in secure mode, this shouldn't be taking so long - is it still doing a hash for every agent_id? We need the keystore to just do the password hash once per conductor and then use that shared key to do crypto on the subkeys
  • At some point, we may actually want a separate system service that can act as the keystore "vault" for a system, that will actually only do the password hashing once for a whole system, and multiple conductors.
@thedavidmeister thedavidmeister merged commit d988ba3 into develop Dec 17, 2019
7 checks passed

  • ci/circleci: app-spec-tests-sim2h Your tests passed on CircleCI!
  • ci/circleci: build Your tests passed on CircleCI!
  • ci/circleci: cli-tests Your tests passed on CircleCI!
  • ci/circleci: cluster-tests Your tests passed on CircleCI!
  • ci/circleci: fmt Your tests passed on CircleCI!
  • ci/circleci: stress-tests-sim2h Your tests passed on CircleCI!
  • ci/circleci: wasm-conductor-tests Your tests passed on CircleCI!
@zippy zippy deleted the fast-password-hash branch Jan 4, 2020
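
An added example, not code from this PR or from holochain-rust: it models the breaking change described in the PR summary (a new hash config yields a different key for the same passphrase) and the review suggestion of hashing the passphrase once and deriving per-agent subkeys from the shared key. The thread does not name the hash algorithm, so scrypt from the Python standard library is used as a stand-in; the cost profiles, header layout, function names and agent ids are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed scrypt cost profiles (assumptions, not the project's settings).
SECURE = {"n": 2**14, "r": 8, "p": 1}   # about 16 MiB of memory per hash
FAST = {"n": 2**10, "r": 8, "p": 1}     # about 1 MiB, roughly 16x cheaper

def master_key(passphrase: bytes, salt: bytes, cost: dict) -> bytes:
    """The expensive step: stretch the passphrase under the given cost."""
    return hashlib.scrypt(passphrase, salt=salt, dklen=32, maxmem=2**26, **cost)

def open_keystore(passphrase: bytes, header: dict, cost: dict = None) -> bytes:
    """Derive the master key once per keystore.

    cost=None reads the parameters stored in the header; passing a cost
    models a build whose hash config is compiled in."""
    return master_key(passphrase, bytes.fromhex(header["salt"]), cost or header["cost"])

def agent_key(master: bytes, agent_id: str) -> bytes:
    """Cheap per-agent subkey: one HMAC under the master key, no re-hashing."""
    return hmac.new(master, b"agent-subkey:" + agent_id.encode(), hashlib.sha256).digest()

def check_tag(key: bytes) -> bytes:
    """Value stored next to each key so a wrong derivation is detected."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()

def demo():
    passphrase = b"constructed example passphrase"
    header = {"salt": os.urandom(16).hex(), "cost": SECURE}
    agents = ("alice", "bob", "carol")  # constructed agent ids

    # Keys created by the old build: one slow hash, three cheap subkeys.
    old = open_keystore(passphrase, header)
    stored = {a: check_tag(agent_key(old, a)) for a in agents}

    # New build with FAST compiled in: right passphrase, wrong keys.
    new = open_keystore(passphrase, header, cost=FAST)
    broken = all(check_tag(agent_key(new, a)) != stored[a] for a in agents)

    # Reading the cost from the header keeps the old keys usable.
    again = open_keystore(passphrase, header)
    usable = all(hmac.compare_digest(check_tag(agent_key(again, a)), stored[a])
                 for a in agents)
    return broken, usable

if __name__ == "__main__":
    print(demo())
```

Storing the cost parameters next to the salt is what lets a later build change its default without invalidating existing keys; the passphrase is only as well protected as the cost recorded for that keystore.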