-
Notifications
You must be signed in to change notification settings - Fork 0
Increase Argon2id memory cost from 64 MB to 256 MB #28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -45,8 +45,8 @@ pub const EXTENSION: &str = ".vx2"; | |
| /// authentication tag. The final chunk is sealed with `encrypt_last`/`decrypt_last` | ||
| /// to prevent truncation attacks. | ||
| /// | ||
| /// Memory profile: Argon2id (64 MB) during key derivation, then ~2 MB constant | ||
| /// during 1 MB chunk streaming — peak ~66 MB regardless of file size. | ||
| /// Memory profile: Argon2id (256 MB) during key derivation, then ~2 MB constant | ||
| /// during 1 MB chunk streaming — peak ~258 MB regardless of file size. | ||
| pub const MAGIC_V3: &[u8; 8] = b"VAULTX03"; | ||
| /// 16-byte salt — 128-bit entropy, recommended minimum for Argon2. | ||
| pub const SALT_V3_LEN: usize = 16; | ||
|
|
@@ -160,7 +160,7 @@ fn derive_key(password: &[u8], salt: &[u8]) -> CryptoResult<Zeroizing<Vec<u8>>> | |
| let mut final_key = Zeroizing::new(vec![0u8; 32]); | ||
|
|
||
| let mut intermediate = Zeroizing::new(vec![0u8; 64]); | ||
| let params = Params::new(65_536, 3, 4, Some(64)) | ||
| let params = Params::new(262_144, 3, 4, Some(64)) | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
This function is also used by Useful? React with 👍 / 👎. |
||
| .map_err(|error| CryptoError::Argon2Failed(error.to_string()))?; | ||
| let argon2 = Argon2::new(Algorithm::Argon2id, Version::V0x13, params); | ||
| argon2 | ||
|
|
@@ -180,7 +180,7 @@ fn derive_key(password: &[u8], salt: &[u8]) -> CryptoResult<Zeroizing<Vec<u8>>> | |
| fn derive_key_v3(password: &[u8], salt: &[u8]) -> CryptoResult<Zeroizing<Vec<u8>>> { | ||
| let mut final_key = Zeroizing::new(vec![0u8; 32]); | ||
| let mut intermediate = Zeroizing::new(vec![0u8; 64]); | ||
| let params = Params::new(65_536, 3, 4, Some(64)) | ||
| let params = Params::new(262_144, 3, 4, Some(64)) | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🔥 The Roast: Same 4× memory jump to 256 MB copy-pasted into 🩹 The Fix: Same as above — version the file format so old V3 files still derive keys with the original 64 MB parameters, or provide a data migration tool. Don't silently break decryption for existing users. Reply with There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
When a user decrypts any VAULTX03 file produced by previous builds, the unchanged header only tells Useful? React with 👍 / 👎. |
||
| .map_err(|e| CryptoError::Argon2Failed(e.to_string()))?; | ||
| let argon2 = Argon2::new(Algorithm::Argon2id, Version::V0x13, params); | ||
| argon2 | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🔥 The Roast: You've cranked the Argon2id memory from 64 MB to 256 MB — a 4× jump with zero warning to existing users. Every file encrypted with the old version is now permanently unreadable because the key derivation output will differ. This isn't an upgrade; it's a silent data hostage situation. 🎤
🩹 The Fix: Either bump the file format version (e.g. V4) so new files use 256 MB while V2/V3 files still decrypt with 64 MB, or at minimum add a colossal prerelease warning that all previously encrypted data will be orphaned. Hardcoding different Argon2id parameters without version detection is a critical breaking change for an encryption tool.
Reply with
@kilocode-bot fix itto have Kilo Code address this issue.