defaults.js

/**
 * @file Safe MFKDF Defaults
 * @copyright Multifactor, Inc. 2022–2025
 *
 * @description
 * Secure default configuration for multi-factor key derivation function (MFKDF) and MFKDF factor constructions
 *
 * @author Vivek Nair (https://nair.me) <[email protected]>
 */

// Default settings for the key-stretching step of MFKDF key derivation.
// The default algorithm is argon2id, a memory-hard password hash. 'hkdf' is a
// fast extract-and-expand KDF with no work factor, so selecting it removes the
// brute-force cost for low-entropy factors.
// NOTE(review): only Argon2 and HKDF parameters get defaults here; if `kdf` is
// set to pbkdf2, bcrypt or scrypt, their cost parameters must come from
// somewhere else. Confirm where they are set.
module.exports.kdf = {
  kdf: 'argon2id', // hkdf, pbkdf2, bcrypt, scrypt, argon2i, argon2d, or argon2id (default)
  hkdfdigest: 'sha256', // sha1, sha256, sha384, or sha512; presumably only read when kdf is 'hkdf' (confirm)
  argon2time: 2, // Argon2 time cost; owasp recommendation
  argon2mem: 24576, // in KiB: 24576 / 1024 = 24 MiB; slightly more than owasp recommendation
  argon2parallelism: 1 // disable parallelism
}

// Default size of the derived key.
module.exports.key = {
  size: 32 // key size (bytes); 32 * 8 = 256-bit key by default
}

// Defaults for the password factor.
// Only the factor id has a default; no length or strength requirement is set here.
module.exports.password = {
  id: 'password' // default factor id; presumably must be unique among the factors of one key (confirm)
}

// Defaults for the uuid factor.
module.exports.uuid = {
  id: 'uuid' // default factor id; presumably must be unique among the factors of one key (confirm)
}

// Defaults for the question factor.
// NOTE(review): a single default id means several question factors in one key
// would each need an explicit id; confirm against the factor setup code.
module.exports.question = {
  id: 'question' // default factor id
}

// Defaults for the HOTP (counter-based one-time password) factor.
// sha1 and 6 digits are chosen for authenticator-app interoperability, not as
// the strongest available parameters.
module.exports.hotp = {
  id: 'hotp', // default factor id
  hash: 'sha1', // required for Google Authenticator compatibility
  digits: 6, // most common choice
  issuer: 'MFKDF', // generic placeholder; presumably shown in the authenticator app, so deployments likely want to override it (confirm)
  label: 'mfkdf.com' // generic placeholder account label; see issuer
}

// Defaults for the TOTP (time-based one-time password) factor.
// hash, digits and step are pinned to the values Google Authenticator expects.
module.exports.totp = {
  id: 'totp', // default factor id
  hash: 'sha1', // required for Google Authenticator compatibility
  digits: 6, // required for Google Authenticator compatibility
  step: 30, // seconds per code; required for Google Authenticator compatibility
  // max window between logins, 1 month by default.
  // The value appears to be counted in steps, not seconds:
  // 87600 steps * 30 s = 2,628,000 s, about 30.4 days.
  // NOTE(review): if `step` is overridden, the wall-clock window changes with it
  // unless `window` is adjusted too. Confirm how the totp factor consumes it.
  window: 87600,
  issuer: 'MFKDF', // generic placeholder; presumably shown in the authenticator app, so deployments likely want to override it (confirm)
  label: 'mfkdf.com' // generic placeholder account label; see issuer
}

// Defaults for the ooba factor (presumably out-of-band authentication; confirm).
module.exports.ooba = {
  id: 'ooba', // default factor id
  length: 6 // presumably the length of the out-of-band code; alphabet and units are not visible here (confirm against the ooba factor)
}

// Defaults for the stack factor.
// NOTE(review): unlike module.exports.kdf (argon2id), the stack default is
// hkdf, which adds no work factor. Presumably this is intentional because
// stretching is applied by the outer key derivation; confirm before relying on
// a stack key on its own.
module.exports.stack = {
  id: 'stack', // default factor id
  kdf: 'hkdf', // KDF used for the stacked key
  hkdfdigest: 'sha256' // digest used by hkdf
}

// Defaults for the hmacsha1 factor (presumably HMAC-SHA1 challenge-response; confirm).
module.exports.hmacsha1 = {
  id: 'hmacsha1' // default factor id
}