56 lines
1.4 KiB
Plaintext
56 lines
1.4 KiB
Plaintext
==== Select the correct Argon2 parameters
|
|
|
|
In general, the default values of the Argon2 library are considered safe. If you
|
|
need to change the parameters, you should note the following:
|
|
|
|
First, Argon2 comes in three forms: Argon2i, Argon2d and Argon2id.
|
|
Argon2i is optimized for hashing passwords and uses data-independent memory
|
|
access. Argon2d is faster and uses data-dependent memory access, making it
|
|
suitable for applications where there is no risk of side-channel attacks. +
|
|
Argon2id is a mixture of Argon2i and Argon2d and is recommended for most applications.
|
|
|
|
Argon2id has three different parameters that can be configured: the basic
|
|
minimum memory size (m), the minimum number of iterations (t) and the degree of
|
|
parallelism (p). +
|
|
The higher the values of m, t and p result in safer hashes, but come at the cost of higher
|
|
resource usage. There exist general recommendations that balance security and speed in an
|
|
optimal way.
|
|
|
|
Hashes should be at least 32 bytes long and salts should be at least 16 bytes long.
|
|
|
|
Next, the recommended parameters for Argon2id are:
|
|
|
|
[options="header",cols="a,a,a,a"]
|
|
|===
|
|
|Recommendation type |Time Cost |Memory Cost |Parallelism
|
|
|Argon2 Creators
|
|
|1
|
|
|2097152 (2 GiB)
|
|
|4
|
|
|Argon2 Creators
|
|
|3
|
|
|65536 (64 MiB)
|
|
|4
|
|
|OWASP
|
|
|1
|
|
|47104 (46 MiB)
|
|
|1
|
|
|OWASP
|
|
|2
|
|
|19456 (19 MiB)
|
|
|1
|
|
|OWASP
|
|
|3
|
|
|12288 (12 MiB)
|
|
|1
|
|
|OWASP
|
|
|4
|
|
|9216 (9 MiB)
|
|
|1
|
|
|OWASP
|
|
|5
|
|
|7168 (7 MiB)
|
|
|1
|
|
|===
|
|
|