  • Admin token Argon2 hashing support · de157b26
    BlackDex authored
    Added support for Argon2 hashing for the `ADMIN_TOKEN` instead
    of only supporting a plain text string.
    
    The hash must be a PHC string which can be generated via the `argon2`
    CLI **or** via the also built-in hash command in Vaultwarden.
    
    You can simply run `vaultwarden hash` to generate a hash based upon a
    password the user provides themselves.
    
    Added a warning during startup and within the admin settings panel if
    the `ADMIN_TOKEN` is not an Argon2 hash.
    
    Within the admin environment a user can ignore that warning and it will
    not be shown for at least 30 days. After that the warning will appear
    again unless the `ADMIN_TOKEN` has been converted to an Argon2 hash.
    
    I have also tested this on my RaspberryPi 2b and there the `Bitwarden`
    preset takes almost 4.5 seconds to generate/verify the Argon2 hash.
    
    Using the `OWASP` preset it is below 1 second, which I think should be
    fine for low-grade hardware. If it is needed people could use lower
    memory settings, but in those cases I even doubt Vaultwarden itself
    would run. They can always use the `argon2` CLI and generate a faster hash.
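For operators checking whether an existing `ADMIN_TOKEN` value is already an Argon2 PHC string, here is an added example, not Vaultwarden's own code: a std-only Rust parser for the `$argon2id$v=..$m=..,t=..,p=..$salt$hash` layout that also exposes the cost parameters. The struct and function names are hypothetical, and the sample strings are constructed.

```rust
// Added example (not Vaultwarden code): is this value an Argon2 PHC string?
#[derive(Debug, PartialEq)]
pub struct Argon2Phc {
    pub variant: String, // argon2id, argon2i or argon2d
    pub version: u32,    // 16 when the optional v= field is absent
    pub m_kib: u32,      // memory cost in KiB
    pub t: u32,          // iterations
    pub p: u32,          // parallelism
}

// PHC strings carry salt and hash as unpadded standard base64.
fn is_b64(s: &str) -> bool {
    !s.is_empty() && s.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'+' || b == b'/')
}

pub fn parse_argon2_phc(token: &str) -> Option<Argon2Phc> {
    // A plain-text token does not start with '$' and is rejected here.
    let mut f = token.strip_prefix('$')?.split('$');
    let variant = f.next()?;
    if !matches!(variant, "argon2id" | "argon2i" | "argon2d") { return None; }
    let mut next = f.next()?;
    let mut version: u32 = 16;
    if let Some(v) = next.strip_prefix("v=") {
        version = v.parse().ok()?;
        next = f.next()?;
    }
    // Simplification: only the m, t and p parameters are accepted.
    let (mut m, mut t, mut p) = (None, None, None);
    for kv in next.split(',') {
        let (k, v) = kv.split_once('=')?;
        let v: u32 = v.parse().ok()?;
        match k {
            "m" => m = Some(v),
            "t" => t = Some(v),
            "p" => p = Some(v),
            _ => return None,
        }
    }
    let (salt, hash) = (f.next()?, f.next()?);
    if !is_b64(salt) || !is_b64(hash) || f.next().is_some() { return None; }
    Some(Argon2Phc { variant: variant.to_string(), version, m_kib: m?, t: t?, p: p? })
}

fn main() {
    // Constructed samples; the salt and hash fields are placeholders.
    for s in ["$argon2id$v=19$m=19456,t=2,p=1$c2FsdHNhbHQ$aGFzaGhhc2g", "plain-text-token"] {
        println!("{:?} -> {:?}", s, parse_argon2_phc(s));
    }
}
```

A `None` result means the value would be treated as plain text; a `Some` result only shows the string is well-formed, not that any password matches it.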