<?php
/*
  Copyright (C) 2013-2017 Grégory Soutadé
  
  This file is part of gPass.
  
  gPass is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation, either version 3 of the License, or
  (at your option) any later version.
  
  gPass is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.
  
  You should have received a copy of the GNU General Public License
  along with gPass.  If not, see <http://www.gnu.org/licenses/>.
*/

/*
  User interface display or not ciphered passwords. Set to false avoid database leakage by user interface (but not by raw HTTP request).
 */
$VIEW_CIPHERED_PASSWORDS=true;

/*
  Allows user creation
 */
$ADMIN_MODE=true;

/*
  Number of iterations for PBKDF2 algorithm.
  Minimum recommended level is 1000, but you can increase
  this value to have a better security (need more computation
  power).

  !! Warning !! This impact master keys. So if you change
  this value with existings masterkeys, they will unusable !
 */
$PBKDF2_LEVEL=1000;

/*
  This is a security feature : It protects from database dump
  and database purge without authentication.
  When get all entries, instead of returning logins/passwords,
  it returns "shadow logins". These are random values.
  Shadow logins must be encrypted using masterkey and salt
  (to generate a unique PBKDF2 derivation) that result in an access tokens.
  With this access token, user has the right to get
  encrypted login/password values and remove them.
  It's a kind of challenge but requires more cpu bandwidth
  (one derivation + two decryption for each password !).

  This option is backward compatible with old version < 0.6
*/
$USE_SHADOW_LOGINS=1;

/*
  Protection against DDoS.
  Each request can contains multiple password combinations
  (to support wildcards for example) and multiple names.
  Currently only two passwords are sent from addon :
      www.example.com
      *.example.com
  But, on future we may also consider 'www.example.*', '*.example.*' and lower case username.
  For maximum security, you can set it to 2 or 4 if you want to be backward compatible
  with addons/extions <= 0.7.
 */
$MAX_PASSWORDS_PER_REQUEST=10;

/*
  Protection against brute force.
  Minimum delay (in milliseconds) between two requests.
 */
$REQUESTS_MIN_DELAY=1000;

/*
  Clear master keys and reset passwords after 15 minutes of inactivity
 */
$CLEAR_TIME=15*60*1000;

?>