search

emilbayes / secure-password

Making Password storage safer for all
ISC License
569 stars 22 forks source link

Error: opts.memlimit must be at least MEMLIMIT_MIN (undefined) #11

Closed YerkoPalma closed 6 years ago

YerkoPalma commented 6 years ago

I'm having this error only in node 9. I've recently updated to node stable and a project using this module started to crash. Here is the full stacktrace of the error

/home/yerko/Dev/kids/node_modules/nanoassert/index.js:21
  if (!t) throw new Error(m || 'AssertionError')
          ^

Error: opts.memlimit must be at least MEMLIMIT_MIN (undefined)
    at assert (/home/yerko/Dev/kids/node_modules/nanoassert/index.js:21:17)
    at new SecurePassword (/home/yerko/Dev/kids/node_modules/secure-password/index.js:30:3)
    at SecurePassword (/home/yerko/Dev/kids/node_modules/secure-password/index.js:24:49)
    at Object.<anonymous> (/home/yerko/Dev/kids/routes/teachers/create.js:2:11)
    at Module._compile (module.js:641:30)
    at Object.Module._extensions..js (module.js:652:10)
    at Module.load (module.js:560:32)
    at tryModuleLoad (module.js:503:12)
    at Function.Module._load (module.js:495:3)
    at Module.require (module.js:585:17)

As you can see the error happens in line 30 and it seems to be beacause MEMLIMIT_MIN (sodium.crypto_pwhash_MEMLIMIT_MIN) is not defined in node 9

emilbayes commented 6 years ago

I will investigate, but I'm pretty sure the issue is in sodium-native and not secure password :) I will figure out a fix either way!

YerkoPalma commented 6 years ago

I also think it is a sodium issue but I have no way to be sure, so I opened here. Anyway if thats the case, it would be better to open an issue in sodium repo referencing this.

emilbayes commented 6 years ago

We're doing prebuilds of sodium-native for node 9 today, so then you will not have to compile. Will update here when that is released

emilbayes commented 6 years ago

@YerkoPalma newest patch release of secure-password is working on node 9 now, tho it will compile during install: https://travis-ci.org/emilbayes/secure-password/jobs/297896890

YerkoPalma commented 6 years ago

@emilbayes I did npm install --save secure-password@2.1.2 and I'm getting this

Error: No native build was found for runtime=node abi=59 platform=linux arch=x64
    at Function.load.path (/home/yerko/Dev/kids/node_modules/node-gyp-build/index.js:28:9)
    at load (/home/yerko/Dev/kids/node_modules/node-gyp-build/index.js:13:23)
    at Object.<anonymous> (/home/yerko/Dev/kids/node_modules/sodium-native/index.js:1:101)
    at Module._compile (module.js:641:30)
    at Object.Module._extensions..js (module.js:652:10)
    at Module.load (module.js:560:32)
    at tryModuleLoad (module.js:503:12)
    at Function.Module._load (module.js:495:3)
    at Module.require (module.js:585:17)
    at require (internal/module.js:11:18)

Tell me if you need any more information

emilbayes commented 6 years ago

@YerkoPalma is this issue still persisting? I'm tempted to upgrade to next sodium-native, but that requires a major bump as the default hashing algorithm in libsodium has change (argon2i to argon2id)

kelden commented 6 years ago

Any reason you prefer using argon2i instead of argon2id? It seems like argon2id is far more secure for general use and is recommended by the internet draft. Seems worth the bump.

emilbayes commented 6 years ago

@kelden I am going to do this, just waiting for our next minor bump of libsodium which should come out soon :)

emilbayes commented 6 years ago

@kelden This is here now in secure-password@3.0.0