author Yorhel <git@yorhel.nl> 2014-10-15 14:20:56 +0200
committer Yorhel <git@yorhel.nl> 2014-10-15 14:20:56 +0200
commit 6e0a0e1d00e11da9b4eab2163e19314f752b05b5
tree a65e4b62d81d395c9988f7045b4e83deec8b2485 /data/config_example.pl
parent 13e967810a8b336164d22167bb047ad1dbb5a836
Use scrypt for new password hashes
I increased the N parameter to approximate about 500ms to generate the hash. This is quite a paranoid setting for a website, but login attempts are throttled so there's not much of a DoS factor. (Alright, password changing feature isn't throttled so the DoS factor still exists. But really, there's some pages with longer page generation times anyway.) I did lower the size of the salt a bit (Crypt::ScryptKDF uses 256 bits by default), because 64 bits of randomness should have low enough chance of collision with only ~100k users (even with a million users, seriously).
Diffstat (limited to 'data/config_example.pl')
-rw-r--r-- data/config_example.pl | 1
1 files changed, 1 insertions, 0 deletions
diff --git a/data/config_example.pl b/data/config_example.pl
index 68c12145..6e0bbe37 100644
--- a/data/config_example.pl
+++ b/data/config_example.pl
@@ -18,6 +18,7 @@ package VNDB;
url_static => 'http://your.static.site.root/',
global_salt => '<some long unique string>',
form_salt => '<another unique string>',
+ scrypt_salt => '<yet another unique string>',
);
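Review bot: the added `scrypt_salt` line carries no comment saying what the value is for, and its placeholder reads just like those of `global_salt` and `form_salt` above it. The commit message describes 64 bits of random salt per hash, so a reader of this example config cannot tell how a single config-wide string relates to that. Suggest a short comment on the line stating how the value is used in the scrypt hashing, that it should be a long random string distinct from the other two, and whether it can be changed once hashes have been stored.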