security: migrate bcrypt→Argon2id, random Bitcoin RPC password

Password hashing migrated from bcrypt to Argon2id (m=64MiB, t=3, p=4).
Transparent upgrade: on successful bcrypt login, re-hashes with Argon2id
and persists. New signups and password changes use Argon2id directly.
Unifies crypto stack — Argon2id was already used for TOTP and backup KDF.

Bitcoin RPC password: no longer falls back to hardcoded "archipelago123".
On first boot, generates a random 32-char hex password from CSPRNG,
saves to /var/lib/archipelago/secrets/bitcoin-rpc-password with 0600
permissions. Existing installs with secrets file are unaffected.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Dorian
2026-03-18 22:41:23 +00:00
parent 7bbd8f889a
commit adcc3fddc7
2 changed files with 75 additions and 12 deletions

View File

@@ -29,9 +29,32 @@ async fn read_password() -> String {
}
}
// 3. Dev fallback (will only work on dev machines with default config)
debug!("Bitcoin RPC password: using dev fallback");
"archipelago123".to_string()
// 3. Generate a random password and persist it (first-boot provisioning)
let random_pass = generate_random_password();
if let Some(parent) = std::path::Path::new(SECRETS_PATH).parent() {
let _ = tokio::fs::create_dir_all(parent).await;
}
match tokio::fs::write(SECRETS_PATH, &random_pass).await {
Ok(_) => {
// Restrict permissions to owner-only
#[cfg(unix)]
{
use std::os::unix::fs::PermissionsExt;
let _ = std::fs::set_permissions(SECRETS_PATH, std::fs::Permissions::from_mode(0o600));
}
debug!("Bitcoin RPC password: generated and saved to secrets file");
}
Err(e) => {
tracing::warn!("Failed to save generated Bitcoin RPC password: {} — using ephemeral", e);
}
}
random_pass
}
/// Generate a cryptographically random password for Bitcoin RPC (32 hex chars).
fn generate_random_password() -> String {
let bytes: [u8; 16] = rand::random();
hex::encode(bytes)
}
/// Get Bitcoin RPC credentials (user, password). Cached after first call.