/**
* @file Safe MFKDF Defaults
* @copyright Multifactor, Inc. 2022–2025
*
* @description
* Secure default configuration for multi-factor key derivation function (MFKDF) and MFKDF factor constructions
*
* @author Vivek Nair (https://nair.me) <[email protected]>
*/
module.exports.kdf = {
kdf: 'argon2id', // hkdf, pbkdf2, bcrypt, scrypt, argon2i, argon2d, or argon2id (default)
hkdfdigest: 'sha256', // sha1, sha256, sha384, or sha512
argon2time: 2, // owasp recommendation
argon2mem: 24576, // 24 MiB; slightly more than owasp recommendation
argon2parallelism: 1 // disable parallelism
}
module.exports.key = {
size: 32 // key size (bytes); outputs 256-bit key by default
}
module.exports.password = {
id: 'password'
}
module.exports.uuid = {
id: 'uuid'
}
module.exports.question = {
id: 'question'
}
module.exports.hotp = {
id: 'hotp',
hash: 'sha1', // required for Google Authenticator compatibility
digits: 6, // most common choice
issuer: 'MFKDF',
label: 'mfkdf.com'
}
module.exports.totp = {
id: 'totp',
hash: 'sha1', // required for Google Authenticator compatibility
digits: 6, // required for Google Authenticator compatibility
step: 30, // required for Google Authenticator compatibility
window: 87600, // max window between logins, 1 month by default
issuer: 'MFKDF',
label: 'mfkdf.com'
}
module.exports.ooba = {
id: 'ooba',
length: 6
}
module.exports.stack = {
id: 'stack',
kdf: 'hkdf',
hkdfdigest: 'sha256'
}
module.exports.hmacsha1 = {
id: 'hmacsha1'
}