All files / src defaults.js

100% Statements 10/10
100% Branches 0/0
100% Functions 0/0
100% Lines 10/10

Press n or j to go to the next uncovered block, b, p or k for the previous block.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73                    1x                           1x       1x       1x       1x       1x               1x                   1x         1x           1x      
/**
 * @file Safe MFKDF Defaults
 * @copyright Multifactor 2022 All Rights Reserved
 *
 * @description
 * Secure default configuration for multi-factor key derivation function (MFKDF) and MFKDF factor constructions
 *
 * @author Vivek Nair (https://nair.me) <[email protected]>
 */
 
module.exports.kdf = {
  kdf: 'argon2id', // hkdf, pbkdf2, bcrypt, scrypt, argon2i, argon2d, or argon2id (default)
  hkdfdigest: 'sha256', // sha1, sha256, sha384, or sha512
  pbkdf2rounds: 310000, // owasp recommendation
  pbkdf2digest: 'sha256', // sha256 and sha512 are common; see crypto.getHashes() for options
  bcryptrounds: 10, // owasp recommendation
  scryptcost: 16384, // 2**14; scrypt paper recommendation
  scryptblocksize: 8, // recommended value
  scryptparallelism: 1, // disable parallelism
  argon2time: 2, // owasp recommendation
  argon2mem: 24576, // 24 MiB; slightly more than owasp recommendation
  argon2parallelism: 1 // disable parallelism
}
 
module.exports.key = {
  size: 32 // key size (bytes); outputs 256-bit key by default
}
 
module.exports.password = {
  id: 'password'
}
 
module.exports.uuid = {
  id: 'uuid'
}
 
module.exports.question = {
  id: 'question'
}
 
module.exports.hotp = {
  id: 'hotp',
  hash: 'sha1', // required for Google Authenticator compatibility
  digits: 6, // most common choice
  issuer: 'MFKDF',
  label: 'mfkdf.com'
}
 
module.exports.totp = {
  id: 'totp',
  hash: 'sha1', // required for Google Authenticator compatibility
  digits: 6, // required for Google Authenticator compatibility
  step: 30, // required for Google Authenticator compatibility
  window: 87600, // max window between logins, 1 month by default
  issuer: 'MFKDF',
  label: 'mfkdf.com'
}
 
module.exports.ooba = {
  id: 'ooba',
  length: 6
}
 
module.exports.stack = {
  id: 'stack',
  kdf: 'pbkdf2',
  pbkdf2rounds: 1
}
 
module.exports.hmacsha1 = {
  id: 'hmacsha1'
}