Product Documentation

Database Administrator's Guide


PASSWORD_HASH_DIFFICULTY

Password_Hash_Difficulty

In V13.1 onwards, sets a scaling factor for PASSWORD_HASH values.

The higher the value, the higher the computational cost on the client and server during password authentication, and the more resistant the password database will be to offline brute force attacks.

Defaults:

The default value for PASSWORD_HASH_DIFFICULTY depends on the value set for PASSWORD_HASH:

| PASSWORD_HASH value | PASSWORD_HASH_DIFFICULTY default |
| --- | --- |
| Original | (Not used) |
| PBKDF2_SHA2_512 | 210000 |
| PBKDF2_SHA3_512 | 210000 |
| ARGON2_64MB | 3 |
| ARGON2_2GB | 1 |

More information:

Changes to PASSWORD_HASH_DIFFICULTY will only take effect when each user's password is next added or changed.

Clients must support the hash algorithm configured by the server. This may be a consideration for users with older non-native clients that may have more limited encryption support.

Warning: Increasing PASSWORD_HASH_DIFFICULTY values may lead to noticeable login delays after user passwords are changed to use the new difficulty. Ensure you change a test account password after making this change and use that account for performance testing on a variety of anticipated client hardware, as clients without hardware support for the underlying cryptographic hash function (e.g. SHA512 or SHA3-512) may be significantly slower.
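Before changing a test account, a rough timing check on each class of client hardware shows how a candidate difficulty scales the per-login hashing cost. This is an added example, not code from the product. It assumes the difficulty value acts as the PBKDF2 iteration count and that the two PBKDF2 settings correspond to HMAC-SHA-512 and HMAC-SHA3-512, neither of which this page states. It does not cover the ARGON2 settings.

```python
import hashlib
import os
import time

# Page's PASSWORD_HASH names mapped to hashlib digest names (mapping is an assumption).
DIGESTS = {"PBKDF2_SHA2_512": "sha512", "PBKDF2_SHA3_512": "sha3_512"}
PAGE_DEFAULT = 210000  # default difficulty listed on this page for both PBKDF2 values


def derive(password_hash, difficulty, password, salt):
    """One PBKDF2 derivation, treating difficulty as the iteration count (assumption)."""
    if difficulty < 1:
        raise ValueError("difficulty must be a positive integer")
    return hashlib.pbkdf2_hmac(DIGESTS[password_hash], password, salt, difficulty)


def time_derivation(password_hash, difficulty, repeats=3):
    """Best-of-N wall-clock seconds for one derivation on this machine."""
    password, salt = b"constructed-test-password", os.urandom(16)
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        derive(password_hash, difficulty, password, salt)
        best = min(best, time.perf_counter() - start)
    return best


def estimate(password_hash, target_difficulty, probe=20000):
    """Time a small probe and scale linearly; PBKDF2 cost is linear in iterations."""
    per_iteration = time_derivation(password_hash, probe) / probe
    return per_iteration * target_difficulty


if __name__ == "__main__":
    for name in DIGESTS:
        for difficulty in (PAGE_DEFAULT, 2 * PAGE_DEFAULT, 4 * PAGE_DEFAULT):
            seconds = estimate(name, difficulty)
            print(f"{name} difficulty={difficulty}: ~{seconds * 1000:.0f} ms per login hash")
```

The figures cover only the raw hash primitive, so treat them as a lower bound on login delay and confirm with a real test account as the warning describes.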
