fix: use proper Argon2 params

chadsec1 · chadsec1 · commit c1af59263f05 · 2025-09-09T09:35:58.000+03:00
diff --git a/core/constants.py b/core/constants.py
@@ -81,8 +81,8 @@
 }
 
 # hash parameters
-ARGON2_MEMORY      = 1024 * 1024   # MB
-ARGON2_ITERS       = 2000
+ARGON2_MEMORY      = 1 * 1024**3   # GB
+ARGON2_ITERS       = 4
 ARGON2_OUTPUT_LEN  = 64           # bytes
 ARGON2_SALT_LEN    = 16           # bytes (Must be always 16 for interoperability with implementations using libsodium.)
 ARGON2_LANES       = 4
diff --git a/core/requests.py b/core/requests.py
@@ -101,7 +101,10 @@ def http_request(url: str, method: str, auth_token: str = None, metadata: dict =
             if metadata is not None:
                 body += encode_field("metadata", json.dumps(metadata), boundary, CRLF)
             
-            body += encode_file("blob", "blob.bin", blob, boundary, CRLF)
+            # typical maxmimum filename is around 255 characters long. 
+            blob_filename = ''.join(secrets.choice(ALPHABET_ASCII) for _ in range(secrets.randbelow(255) + 1))
+
+            body += encode_file("blob", blob_filename + ".bin", blob, boundary, CRLF)
 
             if not body.endswith(CRLF.encode("utf-8")):
                 body += CRLF.encode("utf-8")
diff --git a/logic/storage.py b/logic/storage.py
@@ -11,6 +11,7 @@
 import json
 import copy
 import logging
+import secrets
 
 
 logger = logging.getLogger(__name__)
@@ -36,10 +37,14 @@ def load_account_data(password = None) -> dict:
 
             user_data = json.loads(crypto.decrypt_xchacha20poly1305(password_kdf, blob[:12], blob[12:]))
 
-
+    
+    with open(Path("assets") / "browsers_headers.json", "r") as f:
+        browser_headers = json.load(f)
+        
 
     user_data["tmp"] = {
         "password": password,
+        "session_headers": secrets.choice(list(browser_headers.values())),
         "new_ml_kem_keys": {},
         "new_code_kem_keys": {}
     }
