Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Passwords / Logins stop working after migrating to a host with a different number of CPUs #506

m90 opened this issue Nov 13, 2020 · 1 comment · Fixed by #507
bug Something isn't working


Copy link

m90 commented Nov 13, 2020

#431 introduced a very subtle, but unfortunate bug: by binding the number of threads used in the Argon2 hashing procedure, logins stop being portable between host machines with a different number of CPUs (e.g. when migrating from a host with a single CPU to a host with two CPUs, the hashing function would now pass different parameters to Argon2, creating a mismatch).

This should be fixed by doing the following:

  • introduce a new algo version for all newly created hashes that does use a fixed number of threads
  • allow overriding the value used by the buggy algo version by passing an env var so that operators can still migrate to hosts with a different number of CPUs, even if it's a little awkward

The offending portion of code is here:

func defaultArgon2Hash(val, salt []byte, size uint32) []byte {
return argon2.IDKey(val, salt, 4, 16*1024, uint8(runtime.NumCPU()), size)

Copy link
Member Author

m90 commented Nov 15, 2020

This is fixed in v0.2.1. For a workarounf when migrating an older version refer to

@m90 m90 closed this as completed Nov 15, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
bug Something isn't working
None yet

Successfully merging a pull request may close this issue.

1 participant