From 73a39fecf0058ab1f42eb019421eea186416dc3c Mon Sep 17 00:00:00 2001
From: Valentin Tolmer <valentin.tolmer@gmail.com>
Date: Mon, 11 Oct 2021 20:09:34 +0200
Subject: [PATCH] opaque: Lower the compute cost

This reduces the time to validate a password, at a minor cost of
security (makes bruteforcing the DB easier, but still really hard).

Note: this invalidates all current passwords. It is recommended to
delete the admin user directly in sqlite:

$ sqlite3 users.db
> DELETE from users WHERE user_id = "admin";

It will be recreated with the reset password when restarting the server.
The admin can then reset other users' passwords.
---
 auth/src/opaque.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/auth/src/opaque.rs b/auth/src/opaque.rs
index 2371c0a..7648d58 100644
--- a/auth/src/opaque.rs
+++ b/auth/src/opaque.rs
@@ -27,7 +27,7 @@ impl ArgonHasher {
         mem_cost: 50 * 1024, // 50 MB, in KB
         secret: &[],
         thread_mode: argon2::ThreadMode::Sequential,
-        time_cost: 5,
+        time_cost: 1,
         variant: argon2::Variant::Argon2id,
         version: argon2::Version::Version13,
     };