Closed B-McDonnell closed 2 years ago
It may also be useful to set some flag for which set of default parameters may be preferred.
Some possible implementations:
`reduced_memory`. Causes defaults to be overwritten by reduced memory defaults.

```python
class PasswordHasher:
    ...

    @classmethod
    def with_default_parameters(cls, parameters: Parameters) -> "PasswordHasher":
        # note: DefaultParameters and LowMemoryDefaultParameters objects
        # would need to be defined elsewhere
        return PasswordHasher(
            time_cost=parameters.time_cost,
            # ... (remaining arguments elided in this proof of concept)
        )
```

(This isn't a complete implementation, as it doesn't allow for parameter override --- just a proof of concept)

`LowMemoryPasswordHasher` child class.

Hi Brendan, sorry for the long silence. When you opened this issue I was traveling (!!!!) and I've been procrastinating on a release ever since because it's a big topic.
I think the best way forward is making the low-mem case the default and allow to create hashers from `Parameters` as per your option 2.
It was so clear that they had to publish the final version a few days after I published a basically non-release. 🤪
I think the best way forward is making the low-mem case the default and allow to create hashers from `Parameters` as per your option 2.

Would this provide a default high memory `Parameters` object? e.g. something like

```python
from argon2 import PasswordHasher, HighMemoryParameters

high_mem_hasher = PasswordHasher.from_parameters(HighMemoryParameters)
```

Yeah, I’d supply both RFC options at least. Maybe additionally the current defaults for people who want to keep them. Could live in a separate module `argon2.profiles.RFC9106HighMemory` or something.

Argon2 now has an official informational RFC, not just a draft: RFC 9106. This change occurred on September 7th.
The previous RFC draft is referenced in two locations:
and default parameters (no longer in line with the RFC) are implemented in PasswordHasher.
I believe the parameter choice changes were made in #41 in 2018. Since then, the draft went through revisions 4 through 13 before being marked as done. Since then, the Parameter Choice section has changed (diff here).
The RFC now recommends the following:
Major changes:
`argon-cffi`'s parameter choice should be updated to reflect the official RFC and documentation should be updated.

Currently, the default parameters are as follows:
They should be adapted to one of the recommended general use options:
Finally, having a utility to automatically find `t` given the other parameters, as per the following:

It's time for everyone to make good use of `check_needs_rehash`!
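
The rehash decision that the last comment refers to, as an added standard-library example (not argon2-cffi's own code and not from this thread): it parses the parameters out of a stored Argon2 PHC string and flags any hash that does not match a chosen target profile. The profile values are the two RFC 9106 section 4 recommendations; the names `Profile`, `RFC_9106_HIGH_MEMORY`, `RFC_9106_LOW_MEMORY`, `parse_phc`, `needs_rehash` and `sample_hash` are hypothetical, and the sample hashes are constructed.

```python
import base64
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    variant: str
    version: int
    memory_cost: int  # KiB
    time_cost: int
    parallelism: int
    salt_len: int     # bytes
    hash_len: int     # bytes

# RFC 9106 section 4 recommendations; the constant names are hypothetical.
RFC_9106_HIGH_MEMORY = Profile("argon2id", 19, 2**21, 1, 4, 16, 32)
RFC_9106_LOW_MEMORY = Profile("argon2id", 19, 2**16, 3, 4, 16, 32)

def _decoded_len(field: str) -> int:
    # PHC strings carry unpadded base64; restore padding before decoding.
    return len(base64.b64decode(field + "=" * (-len(field) % 4), validate=True))

def parse_phc(encoded: str) -> Profile:
    parts = encoded.split("$")
    if len(parts) == 5:  # hashes from before Argon2 v1.3 omit the v= field
        parts.insert(2, "v=16")
    if len(parts) != 6 or parts[0] or not parts[2].startswith("v="):
        raise ValueError("not an Argon2 PHC string")
    _, variant, version, params, salt, digest = parts
    if variant not in ("argon2i", "argon2d", "argon2id"):
        raise ValueError(f"unknown variant {variant!r}")
    try:
        kv = dict(item.split("=", 1) for item in params.split(","))
        return Profile(variant, int(version[2:]), int(kv["m"]), int(kv["t"]),
                       int(kv["p"]), _decoded_len(salt), _decoded_len(digest))
    except KeyError as exc:
        raise ValueError(f"missing Argon2 parameter {exc}") from None

def needs_rehash(encoded: str, target: Profile) -> bool:
    # Any deviation from the target profile (weaker or merely different) counts.
    return parse_phc(encoded) != target

def sample_hash(variant, m, t, p, version=19, with_version=True):
    # Constructed test input: all-zero salt and tag, not a real password hash.
    b64 = lambda n: base64.b64encode(bytes(n)).decode().rstrip("=")
    v = f"$v={version}" if with_version else ""
    return f"${variant}{v}$m={m},t={t},p={p}${b64(16)}${b64(32)}"

if __name__ == "__main__":
    stored = sample_hash("argon2id", 102400, 2, 8)  # constructed legacy-style hash
    print(needs_rehash(stored, RFC_9106_LOW_MEMORY))
```

In a login flow this check runs only after the password has verified successfully, since that is the one moment the plaintext is available to hash again under the new profile.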