
While Argon2 seems to be recommended for password hashing, based on this tweet Argon2 is worse than bcrypt at runtimes < 1000 ms.

Based on this answer:

You should tweak the parameters to your own use-case and performance requirements, but I believe the following are acceptable defaults for Argon2id and Argon2d:

  • 512MB of memory
  • 8 iterations
  • Parallelism factor of 8

The speed of this depends on your processor, but I achieved approximately 2000ms on my system.

Questions regarding proposed configuration:

  1. Does this mean that it will take 2 seconds to hash or verify a password hash?
  2. What if 10 users want to log in (hash validation) and the webserver has only 1GB of memory; will the last user wait for 10 seconds?
  3. Does this mean that during multiple user logins the webserver will consume configuration (500MB) * users_that_login_now in resources (CPU, memory)?
  4. If all of the above is correct, how can it be usable for a general web application with limited resources? Should it only be used for banks and other applications that require the best security?
ZiiMakc
  • What you describe is not specific to Argon2 vs. bcrypt but applies to all cases where password hashing is made deliberately expensive in order to slow down offline attacks where the attacker got access to the hashed passwords. Does this answer your question? Do Key-Derivation Functions pose a Denial-of-Service Threat for APIs? – Steffen Ullrich Apr 02 '23 at 14:57
  • @SteffenUllrich partly, does this mean that all my assumptions are correct, and does this mean that if I want 250-500 ms for hash verification it is better to use bcrypt instead of using Argon2 with a similarly low-resource-consumption configuration? – ZiiMakc Apr 02 '23 at 15:05
  • Both Argon2 and bcrypt can be tuned to have the resource requirements you need. Argon2 is even more flexible in this regard than bcrypt. But note that high resource usage is a feature of these password hashes, not a bug. The more one reduces the resource usage, the easier offline attacks get. – Steffen Ullrich Apr 02 '23 at 15:11
  • @ZiiMakc: The tweet you linked is just a rant. It does not provide any explanation, any numbers. – mentallurg Apr 02 '23 at 17:14
  • @mentallurg But a very informed rant. We'll have to agree to disagree - again - on the usefulness of that. :D – Royce Williams Apr 03 '23 at 00:32
  • @RoyceWilliams: We don't know if the rant is informed or not. Although the author participated in the process, his opinion may be based on what he has heard or what he has supposed, and maybe this question has never been researched and analyzed. Until the author explains these words, I see it just as a rant. – mentallurg Apr 03 '23 at 05:51
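The capacity question above (question 2 and 3, and Steffen Ullrich's point that resource usage is tunable) can be worked through with a small model, given here as an added example that is not part of the question or its comments. It takes the question's figures (512 MiB, parallelism 8, about 2000 ms per hash, a 1 GB server, 10 simultaneous logins), assumes the server's core count, and goes one step beyond the question by also counting the threads each Argon2 lane occupies, so that hashes are bounded by whichever of RAM or cores runs out first.

```python
# Added example (not from the question or its comments). Figures from the
# question: 512 MiB, parallelism 8, ~2000 ms per hash, 1 GB server, 10 logins.
# The server core count and the values in __main__ are assumptions.
from dataclasses import dataclass
import heapq

@dataclass(frozen=True)
class HashCost:
    memory_mb: int    # Argon2 memory cost m in MiB
    parallelism: int  # Argon2 lanes p; each lane keeps one thread busy
    wall_ms: int      # measured wall-clock time of one hash at these settings

@dataclass(frozen=True)
class Server:
    memory_mb: int    # RAM the server can devote to password hashing
    cores: int        # hardware threads available to hashing

def max_concurrent(cost: HashCost, server: Server) -> int:
    """Hashes that fit at once without exceeding RAM or oversubscribing cores.
    Floors at 1 so that a too-small server still verifies, just one at a time."""
    by_memory = server.memory_mb // cost.memory_mb
    by_cores = server.cores // cost.parallelism
    return max(1, min(by_memory, by_cores))

def peak_memory_mb(cost: HashCost, server: Server) -> int:
    """RAM used at peak is set by the pool size, not by how many users log in."""
    return max_concurrent(cost, server) * cost.memory_mb

def completion_times_ms(n_logins: int, cost: HashCost, server: Server) -> list[int]:
    """n_logins arrive at t=0 and are served FIFO by a pool of max_concurrent()
    workers (a semaphore in a real server). Returns each login's finish time."""
    free_at = [0] * max_concurrent(cost, server)  # heap of worker-free times
    heapq.heapify(free_at)
    done = []
    for _ in range(n_logins):
        start = heapq.heappop(free_at)             # earliest free worker
        finish = start + cost.wall_ms
        done.append(finish)
        heapq.heappush(free_at, finish)
    return done

if __name__ == "__main__":
    heavy = HashCost(memory_mb=512, parallelism=8, wall_ms=2000)  # from the question
    box = Server(memory_mb=1024, cores=8)  # 1 GB from the question; 8 cores assumed
    t = completion_times_ms(10, heavy, box)
    print(f"pool={max_concurrent(heavy, box)} peak={peak_memory_mb(heavy, box)} MiB "
          f"last login done after {t[-1]} ms")
```

With 8 cores the parallelism of 8 lets only one hash run at a time, so the tenth login finishes after 20 s; with 16 cores the 1 GB of RAM becomes the limit, two run at once and the last finishes after the 10 s the question expects. Bounding the pool this way keeps peak memory at pool size times m regardless of how many logins arrive, which is the mitigation for the resource concern raised in question 3.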

0 Answers