Skip to content

Increase Argon2id memory cost from 64 MB to 256 MB#28

Merged
darkmaster0345 merged 1 commit into
mainfrom
gt/toast/ca57b74a
Jun 19, 2026
Merged

Increase Argon2id memory cost from 64 MB to 256 MB#28
darkmaster0345 merged 1 commit into
mainfrom
gt/toast/ca57b74a

Conversation

@darkmaster0345

@darkmaster0345 darkmaster0345 commented Jun 19, 2026

Copy link
Copy Markdown
Owner
  • Change Params::new(65536, ...) to Params::new(262144, ...) in derive_key() and derive_key_v3()
  • Update comment in V3 header documentation
  • Update README.md Technical Specifications, Memory Profile, Security Stack, and Threat Model sections
  • Update Key Derivation Details diagram

This matches the SECURITY_DEFER.md recommendation for stronger memory-hard KDF.

Summary by Sourcery

Increase the Argon2id memory cost used for key derivation to strengthen resistance against offline brute-force attacks and update documentation to reflect the new memory profile.

Enhancements:

  • Raise Argon2id key derivation memory parameter from 64 MiB to 256 MiB for both V2 and V3 pipelines.

Documentation:

  • Update README technical specs, memory profile, security stack, and threat model to document the new 256 MiB Argon2id setting and resulting ~258 MB peak RAM usage.
  • Adjust V3 header and diagram documentation to match the updated Argon2id parameters.

Summary by CodeRabbit

  • Documentation
    • Documentation updated for Neuron Encrypt 2.0, reflecting security parameter enhancements and revised performance characteristics. Key derivation memory requirements increased to 256 MiB peak usage (from ~64 MiB).

- Change Params::new(65536, ...) to Params::new(262144, ...) in derive_key() and derive_key_v3()
- Update comment in V3 header documentation
- Update README.md Technical Specifications, Memory Profile, Security Stack, and Threat Model sections
- Update Key Derivation Details diagram

This matches the SECURITY_DEFER.md recommendation for stronger memory-hard KDF.
@sourcery-ai

sourcery-ai Bot commented Jun 19, 2026

Copy link
Copy Markdown
Contributor
Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Increases the Argon2id memory cost from 64 MiB to 256 MiB for both V2 and V3 key derivation functions and updates all related documentation, comments, and diagrams to reflect the new memory profile and security posture.

File-Level Changes

Change Details Files
Increase Argon2id memory cost parameter in key derivation functions to 256 MiB.
  • Update Argon2 Params::new memory parameter from 65,536 to 262,144 in derive_key
  • Update Argon2 Params::new memory parameter from 65,536 to 262,144 in derive_key_v3
neuron-encrypt/src/crypto.rs
Align in-code documentation and README with the new 256 MiB Argon2id memory cost and resulting memory profile.
  • Update V3 MAGIC_V3 header comment to describe 256 MB Argon2id usage and ~258 MB peak RAM
  • Adjust README memory profile description, including peak RAM and Argon2id parameter table
  • Update README technical specs and security sections to reference 256 MiB Argon2id settings and offline brute-force resistance
  • Update key derivation diagrams in README to show 256 MB Argon2id in both V2 and V3 pipelines
README.md
neuron-encrypt/src/crypto.rs

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@darkmaster0345 darkmaster0345 merged commit f4975af into main Jun 19, 2026
3 of 6 checks passed
@coderabbitai

coderabbitai Bot commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: edb07181-b7b8-48e6-8989-5f9d1b9a81f4

📥 Commits

Reviewing files that changed from the base of the PR and between fbe97aa and ee27950.

📒 Files selected for processing (2)
  • README.md
  • neuron-encrypt/src/crypto.rs

📝 Walkthrough

Walkthrough

Argon2id memory cost is raised from 65,536 KiB (64 MiB) to 262,144 KiB (256 MiB) in both derive_key (V2) and derive_key_v3 (V3) in crypto.rs. Eight corresponding locations in README.md are updated to replace all prior 64 MiB / ~66 MB figures with 256 MiB / ~258 MB.

Changes

Argon2id memory cost bump: code and docs

Layer / File(s) Summary
Argon2id Params update in derive_key and derive_key_v3
neuron-encrypt/src/crypto.rs
Params::new first argument changed from 65_536 to 262_144 in both V2 and V3 key-derivation functions; V3 doc comment updated to reflect higher peak memory.
README documentation aligned to 256 MiB
README.md
Eight sections updated: What's New in 2.0 RAM claim, Security Stack table, Cryptographic Parameters Argon2id block, Memory Profile section, Cipher Suite table, V3 and V2 Key Derivation Details diagrams, and Threat Model offline brute-force justification.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Possibly related PRs

  • darkmaster0345/Neuron-Encrypt#23: Directly addresses the deferred "insufficient Argon2id memory cost" item noted in that PR, which targeted the same Params::new call in crypto.rs.

Suggested labels

codex

🐇 Hopping through the memory lane,
From 64 megs to 256 — what a gain!
The key derivation costs more now, it's true,
But brute-force attackers? They haven't a clue.
More RAM for the cipher, more safety for you! 🔐

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch gt/toast/ca57b74a

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • The Argon2 parameters are now duplicated in both derive_key and derive_key_v3; consider centralizing them in a single constant/helper (e.g., ARGON2_PARAMS) so future tuning only needs to be done in one place.
  • With the memory cost increased to 256 MiB, Argon2 may fail more often on low-memory systems; it might be helpful to map CryptoError::Argon2Failed specifically for memory-allocation errors into a clearer, user-facing error message (e.g., "not enough RAM for key derivation").
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The Argon2 parameters are now duplicated in both `derive_key` and `derive_key_v3`; consider centralizing them in a single constant/helper (e.g., `ARGON2_PARAMS`) so future tuning only needs to be done in one place.
- With the memory cost increased to 256 MiB, Argon2 may fail more often on low-memory systems; it might be helpful to map `CryptoError::Argon2Failed` specifically for memory-allocation errors into a clearer, user-facing error message (e.g., "not enough RAM for key derivation").

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@codacy-production

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity · 0 duplication

Metric Results
Complexity 0
Duplication 0

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.


let mut intermediate = Zeroizing::new(vec![0u8; 64]);
let params = Params::new(65_536, 3, 4, Some(64))
let params = Params::new(262_144, 3, 4, Some(64))

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥 The Roast: You've cranked the Argon2id memory from 64 MB to 256 MB — a 4× jump with zero warning to existing users. Every file encrypted with the old version is now permanently unreadable because the key derivation output will differ. This isn't an upgrade; it's a silent data hostage situation. 🎤

🩹 The Fix: Either bump the file format version (e.g. V4) so new files use 256 MB while V2/V3 files still decrypt with 64 MB, or at minimum add a colossal prerelease warning that all previously encrypted data will be orphaned. Hardcoding different Argon2id parameters without version detection is a critical breaking change for an encryption tool.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

let mut final_key = Zeroizing::new(vec![0u8; 32]);
let mut intermediate = Zeroizing::new(vec![0u8; 64]);
let params = Params::new(65_536, 3, 4, Some(64))
let params = Params::new(262_144, 3, 4, Some(64))

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥 The Roast: Same 4× memory jump to 256 MB copy-pasted into derive_key_v3. Nothing says "we've thought this through" like repeating the same breaking change in a second function. V3 files encrypted with the previous release are equally unreadable now. Two times the breaking change, zero times the migration path. 🎤

🩹 The Fix: Same as above — version the file format so old V3 files still derive keys with the original 64 MB parameters, or provide a data migration tool. Don't silently break decryption for existing users.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

@kilo-code-bot

kilo-code-bot Bot commented Jun 19, 2026

Copy link
Copy Markdown

Code Review Roast 🔥

Verdict: 2 Critical Issues Found | Recommendation: Address before merge

Overview

Severity Count
🚨 critical 2
⚠️ warning 0
💡 suggestion 0
🤏 nitpick 0
Issue Details (click to expand)
File Line Roast
neuron-encrypt/src/crypto.rs 163 Silent breaking change: increasing Argon2id memory from 64 MB to 256 MB makes all previously encrypted files unrecoverable without versioning or migration path.
neuron-encrypt/src/crypto.rs 183 Same breaking change duplicated in derive_key_v3 — V3 files encrypted before this PR are permanently orphaned.

🏆 Best part: The docs were actually updated consistently with the code. In a world where many PRs lie about memory usage in the README, that's almost impressive enough to make me lower my flamethrower. Almost.

💀 Worst part: Hardcoding different Argon2id parameters without file-format version detection is the encryption equivalent of changing your door lock and throwing away the old keys. Every .vx2 file encrypted before this merge becomes unreadable ornament with zero warning to users.

📊 Overall: Like upgrading to a new security system and forgetting to keep the old key on your keychain — technically stronger, but you've just locked yourself out of everything you owned.

Files Reviewed (2 files)
  • README.md — memory documentation updated
  • neuron-encrypt/src/crypto.rs — critical breaking change in key derivation

Fix these issues in Kilo Cloud


Reviewed by step-3.7-flash-20260528 · Input: 153.7K · Output: 11.2K · Cached: 3.8K

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ee2795054f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

let mut final_key = Zeroizing::new(vec![0u8; 32]);
let mut intermediate = Zeroizing::new(vec![0u8; 64]);
let params = Params::new(65_536, 3, 4, Some(64))
let params = Params::new(262_144, 3, 4, Some(64))

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Keep VAULTX03 decryption compatible with old KDF

When a user decrypts any VAULTX03 file produced by previous builds, the unchanged header only tells decrypt_file to dispatch to the V3 path; it does not store Argon2 parameters or use a new magic/version. Because those files were sealed with m=65_536, deriving with m=262_144 here produces a different key and all existing V3 ciphertexts fail authentication, making users' encrypted files unrecoverable unless a fallback or versioned format is added.

Useful? React with 👍 / 👎.


let mut intermediate = Zeroizing::new(vec![0u8; 64]);
let params = Params::new(65_536, 3, 4, Some(64))
let params = Params::new(262_144, 3, 4, Some(64))

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Keep legacy VAULTX02 decryption on the old KDF

This function is also used by decrypt_file_legacy/decrypt_stream_v2, but VAULTX02 headers only contain magic, salt, and nonce and all historical V2 files were encrypted with m=65_536. Switching the legacy derivation to m=262_144 means the documented backwards-compatible V2 decryption path now derives the wrong key and rejects every existing legacy file as DecryptionFailed.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant