mackowski
commented
3 years ago Awesome idea @jmanico go for it :)
Closed jmanico closed 3 years ago
mackowski
commented
3 years ago Awesome idea @jmanico go for it :)
jmanico
commented
3 years ago I talking to a few of the worlds top experts on this topic - as soon as I am done with my research I'll make this happen!
Sc00bz
commented
3 years ago That is for Argon2id and Argon2i needs t≥3 because of an attack. Also https://password-hashing.net/argon2-specs.pdf has not been updated to Argon2 version 1.3.
The formulas to get <10 kH/s on an RTX 3080:
Argon2i: m≥74219/(3*t-1)*α+4*p-1, t≥3, p=1
Argon2{id,d}: m≥74219/(3*t-1)*α+4*p-1, t≥1, p=174219 comes from RTX 3080's bandwidth of 760 GB/s (74,218.75 = 760,000,000,000/10,000/1024).
3*t-1 is how many times the memory is read or written. Twice on the first round (write sequential and read random) then three times from then on (write sequential, read sequential, and read random).
α is the efficiency of bandwidth usage. Ideal for an RTX 3080 is about 97% (32/33). You can just ignore it and use α=1.
The 4*p-1 is to round up because you can set m to any number and it will round down to the nearest multiple of 4*p. Also it real doesn't matter.
So you can just use the simplified version of m≥74219/(3*t-1). Also you could just state the following as good settings:
Argon2{id,d}: m=37112, t=1, p=1
Argon2{id,d}: m=14844, t=2, p=1
Argon2: m=9280, t=3, p=1
Argon2: m=6748, t=4, p=1Or round up to the nearest MiB:
Argon2{id,d}: m=37 MiB, t=1, p=1
Argon2{id,d}: m=15 MiB, t=2, p=1
Argon2: m=10 MiB, t=3, p=1
Argon2: m=7 MiB, t=4, p=1For authentication you should use p=1 because a lot of people are running a VPS with a single CPU core. Even if not, one could benchmark this and think they can go higher on settings than they should because they are not thinking about throughput. Also with memory hard algorithms, it would be wise to limit the number of simultaneous instances of Argon2. An attacker can likely send more requests per second than a server to do. Which will make the server exhaust all memory if there isn't a limit.
jmanico
commented
3 years ago This is immensely helpful. I'm going to integrate your suggestions immediate and reference the PR for your review. Thank you!
jmanico
commented
3 years ago @Sc00bz I integrated your comments into the cheatsheet, if you want anything changed or added please let me know. I made minimal changes and can add more if you feel it's valuable.
https://github.com/OWASP/CheatSheetSeries/commit/649429bdaab39019f5a7fc3e30487557644990aa
jmanico
commented
3 years ago @Sc00bz would you like me to cite you as a reference in the document? I want to make sure you are getting proper credit. What would you like?
I would like to give clear guidance on how to tune Argon2i. I am inclined to go with https://tools.ietf.org/html/draft-ietf-kitten-password-storage-03#section-5.1.
Any thoughts here?