From b8acacfb3ec63f6c45ec6e21e12ce5ef027e9447 Mon Sep 17 00:00:00 2001
From: girlbossceo <june@girlboss.ceo>
Date: Sat, 28 Oct 2023 22:15:36 -0400
Subject: [PATCH] use light owasp defs instead of argon2 defs

the ones now used by default in rust-argon2 are extremely aggressive and
resource intensive. owasp's 2nd default is very reasonable with the same
security.

Signed-off-by: girlbossceo <june@girlboss.ceo>
---
 src/utils/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/utils/mod.rs b/src/utils/mod.rs
index 092c840b..1bd6fde2 100644
--- a/src/utils/mod.rs
+++ b/src/utils/mod.rs
@@ -75,7 +75,7 @@ pub fn random_string(length: usize) -> String {
 pub fn calculate_password_hash(password: &str) -> Result<String, argon2::Error> {
     let hashing_config = Config {
         variant: Variant::Argon2id,
-        ..Default::default()
+        ..Config::owasp2() // m=19456 (19 MiB), t=2, p=1 from https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id
     };
 
     let salt = random_string(32);