opaque: Lower the compute cost

This reduces the time to validate a password, at a minor cost of
security (makes bruteforcing the DB easier, but still really hard).

Note: this invalidates all current passwords. It is recommended to
delete the admin user directly in sqlite:

$ sqlite3 users.db
> DELETE from users WHERE user_id = "admin";

It will be recreated with the reset password when restarting the server.
The admin can then reset other users' passwords.
This commit is contained in:
Valentin Tolmer 2021-10-11 20:09:34 +02:00 committed by nitnelave
parent 263fd44156
commit 73a39fecf0

View File

@ -27,7 +27,7 @@ impl ArgonHasher {
mem_cost: 50 * 1024, // 50 MB, in KB
secret: &[],
thread_mode: argon2::ThreadMode::Sequential,
time_cost: 5,
time_cost: 1,
variant: argon2::Variant::Argon2id,
version: argon2::Version::Version13,
};