proxy: reduce the internal bcrypt strength to fix race tests

Before this change the race tests were taking too long. The bcrypt function went from about 20ms to 1s under the race detector and this is called for every transaction on webdav. This change reduces the bcrypt strength so it takes 1ms non race so the race tests pass and still has adequate security for in memory only storage.
2019-11-07 14:06:02 +00:00 · 2019-11-07 14:06:02 +00:00 · 9115752679
parent 51efb349ac
commit 9115752679
1 changed files with 4 additions and 1 deletions
--- a/cmd/serve/proxy/proxy.go
+++ b/cmd/serve/proxy/proxy.go
@ -208,7 +208,10 @@ func (p *Proxy) call(user, pass string, passwordBytes []byte) (value interface{}
 		if err != nil {
 			return nil, false, err
 		}
-		pwHash, err := bcrypt.GenerateFromPassword(passwordBytes, bcrypt.DefaultCost)
+		// The bcrypt cost is a compromise between security and speed. The password is looked up on every
+		// transaction for WebDAV so we store it lightly hashed. An attacker would find it easier to go after
+		// the unencrypted password in memory most likely.
+		pwHash, err := bcrypt.GenerateFromPassword(passwordBytes, bcrypt.MinCost)
 		if err != nil {
 			return nil, false, err
 		}