Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: change user storage KDF #24541

Closed
wants to merge 2 commits into from
Closed

feat: change user storage KDF #24541

wants to merge 2 commits into from

Conversation

Prithpal-Sooriya
Copy link
Contributor

@Prithpal-Sooriya Prithpal-Sooriya commented May 15, 2024
edited by github-actions bot

Description

This is a demo PR/Branch for changing the key hashing on user storage to Script.
We could also demo Argon2, but @noble has not audited this yet.

Open in GitHub Codespaces

Related issues

Fixes:

Manual testing steps

  1. Go to this page...

Screenshots/Recordings

Before

After

Pre-merge author checklist

  • I’ve followed MetaMask Coding Standards.
  • I've completed the PR template to the best of my ability
  • I’ve included tests if applicable
  • I’ve documented my code using JSDoc format if applicable
  • I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

@Prithpal-Sooriya Prithpal-Sooriya added the team-notifications Notifications team label May 15, 2024
@github-actions GitHub Actions
Copy link
Contributor

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

Prithpal-Sooriya
Prithpal-Sooriya commented May 15, 2024
View reviewed changes
app/scripts/controllers/user-storage/encryption.ts
Comment on lines +46 to +50
#SCRYPT_N: number = 2 ** 17; // CPU/memory cost parameter (must be a power of 2, > 1)

#SCRYPT_r: number = 8; // Block size parameter

#SCRYPT_p: number = 1; // Parallelization parameter
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe N and P are the work factor levers.

Using OWASP configurations defined here.
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#scrypt

From a performance perspective, these values seem "okay" from some automated testing, will need to actually hook it up to see the performance UX impact.

@Prithpal-Sooriya Prithpal-Sooriya mentioned this pull request May 15, 2024
Closed
7 tasks
@Prithpal-Sooriya Prithpal-Sooriya changed the title temp: user storage key hashing feat: change user storage KDF May 16, 2024
@Prithpal-Sooriya
Copy link
Contributor Author

I'm closing this since there is a little more discussion to be done on this.
Most likely we will change the KDF and also perform some key caching.

@github-actions github-actions bot locked and limited conversation to collaborators May 20, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@legobeat legobeat Awaiting requested review from legobeat

Assignees
No one assigned
Labels
team-notifications Notifications team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@Prithpal-Sooriya