From d5f2cc4750ce41909bc4d99522181a51b59e9ef1 Mon Sep 17 00:00:00 2001
From: Jah-yee <166608075+Jah-yee@users.noreply.github.com>
Date: Tue, 5 May 2026 04:51:16 +0800
Subject: [PATCH] fix: update Argon2id parameters to OWASP minimum

Memory: 16384 (16MB) -> 19456 (19MB)
Iterations: 1 -> 2

These parameters were set to 16MB/1 iteration for benchmark debugging.
Updated to meet OWASP minimum Argon2id requirements.

Fixes #82
---
 internal/config/config.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/config/config.go b/internal/config/config.go
index 7cf0bb2..3b8dc43 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -353,8 +353,8 @@ func Load(path string) (*Config, error) {
 		"storage.path":                          "./data/sharkauth.db",
 		"auth.session_lifetime":                 "30d",
 		"auth.password_min_length":              8,
-		"auth.argon2id.memory":                  16384,
-		"auth.argon2id.iterations":              1,
+		"auth.argon2id.memory":                  19456,
+		"auth.argon2id.iterations":              2,
 		"auth.argon2id.parallelism":             1,
 		"auth.argon2id.salt_length":             16,
 		"auth.argon2id.key_length":              32,