Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make bcrypt rounds configurable #9044

Closed
wants to merge 14 commits into from
Closed
4 changes: 4 additions & 0 deletions History.md
@@ -1,5 +1,9 @@
## v.NEXT

* `Accounts.config` now supports a `bcryptRounds` option that
overrides the default 10 rounds currently used to secure passwords.
[PR #9044](https://github.com/meteor/meteor/pull/9044)

* The `fastclick` package (previously included by default in Cordova
applications through the `mobile-experience` package) has been deprecated.
This package is no longer maintained and has years of outstanding
Expand Down
5 changes: 4 additions & 1 deletion packages/accounts-base/accounts_common.js
Expand Up @@ -89,6 +89,9 @@ export class AccountsCommon {
// - ambiguousErrorMessages {Boolean}
// Return ambiguous error messages from login failures to prevent
// user enumeration.
// - bcryptRounds {Number}
// Allows override of number of bcrypt rounds (aka work factor) used
// to store passwords.

/**
* @summary Set global accounts options.
Expand Down Expand Up @@ -135,7 +138,7 @@ export class AccountsCommon {
// validate option keys
var VALID_KEYS = ["sendVerificationEmail", "forbidClientAccountCreation", "passwordEnrollTokenExpirationInDays",
"restrictCreationByEmailDomain", "loginExpirationInDays", "passwordResetTokenExpirationInDays",
"ambiguousErrorMessages"];
"ambiguousErrorMessages", "bcryptRounds"];
_.each(_.keys(options), function (key) {
if (!_.contains(VALID_KEYS, key)) {
throw new Error("Accounts.config: Invalid key: " + key);
Expand Down
16 changes: 15 additions & 1 deletion packages/accounts-password/password_server.js
Expand Up @@ -22,7 +22,7 @@ var bcryptCompare = Meteor.wrapAsync(bcrypt.compare);
// "sha-256" and then passes the digest to bcrypt.


Accounts._bcryptRounds = 10;
Accounts._bcryptRounds = Accounts._options.bcryptRounds || 10;

// Given a 'password' from the client, extract the string that we should
// bcrypt. 'password' can be one of:
Expand Down Expand Up @@ -67,6 +67,20 @@ Accounts._checkPassword = function (user, password) {

if (! bcryptCompare(password, user.services.password.bcrypt)) {
result.error = handleError("Incorrect password", false);
} else if (
user.services.password.bcrypt &&
Accounts._bcryptRounds >
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe != instead of just >?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, will fix

Number(user.services.password.bcrypt.substring(4, 6))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this work if bcryptRounds >= 100 (i.e., more than two digits)?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While you're at it, let's just extract a helper function called something like getRoundsFromBcryptHash?

Copy link
Contributor Author

@danrubins danrubins Sep 6, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, that code will break with a work factor above 99, but it shouldn't be possible to implement bcrypt with such a high work factor since it gets expanded geometrically (rounds = 2^[work factor]). This FreeBSD implementation of bcrypt references a maximum of 31 rounds. I'm not sure if 31 is implementation-specific or the theoretical maximum for bcrypt, but the effective maximum for most current server hardware is probably 16 or 17. From benchmarking on my MacBook Pro, hashing with a work factor of 20 takes about 2.4 minutes and 31 would take ~12 years. The rule of thumb I'm aware of (totally unattributed) is that hashing should take ~1 second with current server hardware. If I can find a source for that rule of thumb, I'll do a PR for this in the Guide.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, I'm happy to move that into a helper function. At the risk of over-building but with a mind toward implementing other hashing algorithms, I'll grab both the algorithm and whatever parameters go with that algorithm.

) {
// password checks out, but user bcrypt may need update
Meteor.defer(() => {
Meteor.users.update({ _id: user._id }, {
$set: {
'services.password.bcrypt':
bcryptHash(password, Accounts._bcryptRounds)
}
});
});
}

return result;
Expand Down