Closed Shamil-R closed 9 months ago
Without looking into it: argon2id and other hashing algorithms make use of "memory" as a security measurement, to fight specialized hardware and attack cost.
They should be "slow" and "expensive" relative to their benefit. On a server, 100ms and 1 MB for a login hash might be okay. Storing the hashes locally, though, requires a lot more, typically 1000ms and 4-16 MB per try or even higher.
This is NOT professional advice, nor do I recommend these values. Please look up the correct up-to-date values for your used hashing algorithm.
The IETF Internet-Draft referenced in the README.md doc speaks to setting the Argon parameters according to the maximum amount of memory that each call can afford. (See also this response to #3.)
Please see this response to a similar issue: https://github.com/alexedwards/argon2id/issues/3#issuecomment-548490682
Argon2 is deliberately memory hungry by design. Please change the default parameters to suit your needs and hardware.
One CreateHash function consumes a lot of resources. Because there is code in func initBlocks
```go
var block0 [1024]byte
B := make([]block, memory)
```
Maybe optimize it?
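Added example (not code from this thread or from the argon2id project): because each hash allocates `memory` blocks of 1024 bytes, a service can cap how many `CreateHash` calls run at once so that peak memory stays inside a budget. `blockBytes`, `Limiter` and `NewLimiter` are hypothetical names, and the 64 MiB / 4 threads / 256 MiB figures are constructed.

```go
package main

import "fmt"

const blockSize = 1024 // bytes per Argon2 block (the 1 KiB blocks in the snippet above)

// blockBytes returns the size of the block slice allocated for one hash.
// memoryKiB is the Argon2 memory parameter; it is rounded down to a multiple
// of 4*threads with a minimum of 8*threads, as RFC 9106 specifies.
func blockBytes(memoryKiB, threads uint32) uint64 {
	lanes := 4 * threads
	m := memoryKiB / lanes * lanes
	if m < 2*lanes {
		m = 2 * lanes
	}
	return uint64(m) * blockSize
}

// Limiter caps how many hashes run at once so peak memory stays under a budget.
type Limiter struct{ slots chan struct{} }

// NewLimiter sizes the limiter from a memory budget in bytes (hypothetical helper).
func NewLimiter(budgetBytes uint64, memoryKiB, threads uint32) *Limiter {
	n := budgetBytes / blockBytes(memoryKiB, threads)
	if n == 0 {
		n = 1 // always allow one hash, otherwise every login would block forever
	}
	return &Limiter{slots: make(chan struct{}, n)}
}

// Do runs hash while holding a slot; callers beyond the cap wait until one frees up.
func (l *Limiter) Do(hash func() (string, error)) (string, error) {
	l.slots <- struct{}{}
	defer func() { <-l.slots }()
	return hash()
}

func main() {
	// Constructed values: 64 MiB per hash, 4 threads, 256 MiB budget.
	lim := NewLimiter(256<<20, 64*1024, 4)
	// The closure stands in for a call such as argon2id.CreateHash(password, params).
	h, _ := lim.Do(func() (string, error) { return "placeholder-hash", nil })
	fmt.Println(h, "max concurrent hashes:", cap(lim.slots))
}
```

Requests beyond the cap queue instead of allocating, so a burst of logins costs latency rather than memory.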