Passwords / Logins stop working after migrating to a host with a different number of CPUs

[m90]

#431 introduced a very subtle, but unfortunate bug: by binding the number of threads used in the Argon2 hashing procedure, logins stop being portable between host machines with a different number of CPUs (e.g. when migrating from a host with a single CPU to a host with two CPUs, the hashing function would now pass different parameters to Argon2, creating a mismatch).

This should be fixed by doing the following:

• introduce a new algo version for all newly created hashes that does use a fixed number of threads
• allow overriding the value used by the buggy algo version by passing an env var so that operators can still migrate to hosts with a different number of CPUs, even if it's a little awkward

The offending portion of code is here:

offen/server/keys/hash.go

Lines 93 to 95 in a7b7f2e

	func defaultArgon2Hash(val, salt []byte, size uint32) []byte {
	return argon2.IDKey(val, salt, 4, 16*1024, uint8(runtime.NumCPU()), size)
	}

[m90]

This is fixed in v0.2.1. For a workarounf when migrating an older version refer to https://docs.offen.dev/running-offen/known-issues/#login-stops-working-after-migrating-an-instance-to-new-hardware