security: migrate bcrypt→Argon2id, random Bitcoin RPC password
Password hashing migrated from bcrypt to Argon2id (m=64MiB, t=3, p=4). Transparent upgrade: on successful bcrypt login, re-hashes with Argon2id and persists. New signups and password changes use Argon2id directly. Unifies crypto stack — Argon2id was already used for TOTP and backup KDF. Bitcoin RPC password: no longer falls back to hardcoded "archipelago123". On first boot, generates a random 32-char hex password from CSPRNG, saves to /var/lib/archipelago/secrets/bitcoin-rpc-password with 0600 permissions. Existing installs with secrets file are unaffected. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -29,9 +29,32 @@ async fn read_password() -> String {
|
||||
}
|
||||
}
|
||||
|
||||
// 3. Dev fallback (will only work on dev machines with default config)
|
||||
debug!("Bitcoin RPC password: using dev fallback");
|
||||
"archipelago123".to_string()
|
||||
// 3. Generate a random password and persist it (first-boot provisioning)
|
||||
let random_pass = generate_random_password();
|
||||
if let Some(parent) = std::path::Path::new(SECRETS_PATH).parent() {
|
||||
let _ = tokio::fs::create_dir_all(parent).await;
|
||||
}
|
||||
match tokio::fs::write(SECRETS_PATH, &random_pass).await {
|
||||
Ok(_) => {
|
||||
// Restrict permissions to owner-only
|
||||
#[cfg(unix)]
|
||||
{
|
||||
use std::os::unix::fs::PermissionsExt;
|
||||
let _ = std::fs::set_permissions(SECRETS_PATH, std::fs::Permissions::from_mode(0o600));
|
||||
}
|
||||
debug!("Bitcoin RPC password: generated and saved to secrets file");
|
||||
}
|
||||
Err(e) => {
|
||||
tracing::warn!("Failed to save generated Bitcoin RPC password: {} — using ephemeral", e);
|
||||
}
|
||||
}
|
||||
random_pass
|
||||
}
|
||||
|
||||
/// Generate a cryptographically random password for Bitcoin RPC (32 hex chars).
|
||||
fn generate_random_password() -> String {
|
||||
let bytes: [u8; 16] = rand::random();
|
||||
hex::encode(bytes)
|
||||
}
|
||||
|
||||
/// Get Bitcoin RPC credentials (user, password). Cached after first call.
|
||||
|
||||
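Review bot: The generated password is written with `tokio::fs::write(SECRETS_PATH, &random_pass)` and only narrowed to 0600 afterwards, so the secret sits on disk with umask-default permissions for a short window. The `let _ =` on `set_permissions` also hides a failed chmod, while the debug line still reports the file as saved. I would create the file owner-only from the start and use `create_new`, so an existing secrets file is never overwritten; the earlier steps of `read_password` lie outside this hunk, so confirm how an unreadable or empty existing file should be handled. The result of `create_dir_all` is likewise discarded and the directory gets the default mode, so consider creating it with mode 0o700 and logging a failure. On the `Err` path the password exists only in this process; if bitcoind is expected to read the same file (not visible here), that case probably deserves more than a warning.

```rust
// … unchanged: generate random_pass, create the parent directory …
let mut opts = tokio::fs::OpenOptions::new();
opts.write(true).create_new(true); // never clobber an existing secret
#[cfg(unix)]
opts.mode(0o600); // owner-only at creation time, no chmod window
let saved = async {
    use tokio::io::AsyncWriteExt;
    let mut file = opts.open(SECRETS_PATH).await?;
    file.write_all(random_pass.as_bytes()).await?;
    file.flush().await
}
.await;
match saved {
    Ok(()) => debug!("Bitcoin RPC password: generated and saved to secrets file"),
    Err(e) => {
        tracing::warn!("Failed to save generated Bitcoin RPC password: {} — using ephemeral", e);
    }
}
// … unchanged: return random_pass …
```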