chris/beachPartyBalloons
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Lower ALTCHA cost to 2000

Browse Source 
50000 was taking >1 minute on some devices. 2000 should be ~1-2s in
most browsers while still being meaningful work for bots. The HMAC
key and expiration are the real security — cost is just friction.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
chris 2026-06-13 19:23:55 -04:00
parent f59d19f3c2
commit 8b1e89cf04
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
main-site/server.js
View File

@ -106,7 +106,7 @@ apiRouter.get('/altcha', async (req, res) => {
try { try {
const challenge = await createChallenge({ const challenge = await createChallenge({
algorithm: 'SHA-256', algorithm: 'SHA-256',
cost: 50000, cost: 2000,
expiresAt: new Date(Date.now() + 10 * 60 * 1000), // 10 minutes expiresAt: new Date(Date.now() + 10 * 60 * 1000), // 10 minutes
deriveKey: altchaSha.deriveKey, deriveKey: altchaSha.deriveKey,
hmacSignatureSecret: process.env.ALTCHA_HMAC_KEY || 'dev-key-change-in-production', hmacSignatureSecret: process.env.ALTCHA_HMAC_KEY || 'dev-key-change-in-production',