Switch new password default to Argon2id

62b40add · ale · 3d4cd358 · 62b40add · 62b40add · 62b40add
Commit 62b40add authored 4 months ago by ale
--- a/cmd/pwtool/main.go
+++ b/cmd/pwtool/main.go
@@ -86,7 +86,7 @@ func mkhash() (pwhash.PasswordHash, string, error) {
 	name := *algo
 	switch *algo {
 	case "argon2":
-		h = pwhash.NewArgon2WithParams(uint32(*argon2Time), uint32(*argon2Mem*1024), uint8(*argon2Threads))
+		h = pwhash.NewArgon2StdWithParams(uint32(*argon2Time), uint32(*argon2Mem*1024), uint8(*argon2Threads))
 		name = fmt.Sprintf("%s(%d/%d/%d)", *algo, *argon2Time, *argon2Mem, *argon2Threads)
 	case "scrypt":
 		h = pwhash.NewScryptWithParams(*scryptN, *scryptR, *scryptP)

--- a/pwhash/argon2.go
+++ b/pwhash/argon2.go
@@ -43,8 +43,8 @@ func newArgon2PasswordHash(kind string, keySize int, time, mem uint32, threads u
 }

 // NewArgon2 returns an Argon2i-based PasswordHash using the default parameters.
-func NewArgon2() PasswordHash {
-	return NewArgon2WithParams(
+func NewArgon2Legacy() PasswordHash {
+	return NewArgon2LegacyWithParams(
 		defaultArgon2Params.Time,
 		defaultArgon2Params.Memory,
 		defaultArgon2Params.Threads,
@@ -53,7 +53,7 @@ func NewArgon2() PasswordHash {

 // NewArgon2WithParams returns an Argon2i-based PasswordHash using the
 // specified parameters for time, memory, and number of threads.
-func NewArgon2WithParams(time, mem uint32, threads uint8) PasswordHash {
+func NewArgon2LegacyWithParams(time, mem uint32, threads uint8) PasswordHash {
 	return newArgon2PasswordHash(kindArgon2I, argonLegacyKeySize, time, mem, threads, &a2LegacyCodec{})
 }


--- a/pwhash/password.go
+++ b/pwhash/password.go
@@ -52,7 +52,7 @@ var prefixRegistry = map[string]PasswordHash{
 	"$5$":        NewSystemCrypt(),
 	"$6$":        NewSystemCrypt(),
 	"$s$":        NewScrypt(),
-	"$a2$":       NewArgon2(),
+	"$a2$":       NewArgon2Legacy(),
 	"$argon2i$":  NewArgon2Std(),
 	"$argon2id$": NewArgon2Std(),
 }
@@ -74,7 +74,7 @@ func ComparePassword(encrypted, password string) bool {
 var DefaultEncryptAlgorithm PasswordHash

 func init() {
-	DefaultEncryptAlgorithm = NewArgon2()
+	DefaultEncryptAlgorithm = NewArgon2Std()
 }

 // Encrypt will encrypt a password with the default algorithm.

--- a/pwhash/password_test.go
+++ b/pwhash/password_test.go
@@ -5,8 +5,8 @@ import (
 	"testing"
 )

-func TestArgon2(t *testing.T) {
-	testImpl(t, NewArgon2())
+func TestArgon2Legacy(t *testing.T) {
+	testImpl(t, NewArgon2Legacy())
 }

 func TestArgon2Std(t *testing.T) {
@@ -102,7 +102,7 @@ func BenchmarkArgon2(b *testing.B) {
 	for _, tp := range testParams {
 		name := fmt.Sprintf("%d/%d/%d", tp.Time, tp.Memory, tp.Threads)
 		b.Run(name, func(b *testing.B) {
-			h := NewArgon2WithParams(tp.Time, tp.Memory, tp.Threads)
+			h := NewArgon2StdWithParams(tp.Time, tp.Memory, tp.Threads)
 			encPw := h.Encrypt(goodPw)

 			b.ResetTimer()