jedisct1 / libsodium

A modern, portable, easy to use crypto library.
https://libsodium.org

About parallelism (of Argon2) in the password hashing API #1091

Closed stevenwdv closed 3 years ago

stevenwdv commented 3 years ago

I know this is not the first request for parallelism support in the pwhash API (#488/#986/#993), but it seems weird to me that this is not implemented. Let me elaborate:

On #986 @jedisct1 commented:

threads don’t provide a significant slowdown of the hash computation

Isn't the idea of having parallelism support that the computation is not much slower for desktop computers while it is slower for crackers using specialized hardware, because of the large amount of shared memory between multiple CPUs? This is also mentioned by someone on Crypto SE (although that in itself of course doesn't make it true).

The Argon2 draft RFC currently recommends p=4 lanes (it used to recommend choosing your own value (as the first parameter you choose, by the way, so before memory and then time), but probably this was changed because of portability).

Or does the comment mean that the slowdown on dedicated hardware is not that significant?

Of course not all password hashing functions support parallelism like Argon2 does, but I don't think that that should mean that we can't take advantage of it in functions that do support it.
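To make concrete what the lanes parameter p the comment discusses actually controls, here is an added example (not part of this issue and not libsodium code) that applies the memory-layout rules of RFC 9106 (the published form of the Argon2 draft mentioned above): the m KiB of 1 KiB blocks are rounded down to m' = 4·p·⌊m/4p⌋, split into p lanes of q = m'/p columns, and each lane into four slices of q/4 blocks. Lanes within one slice are independent and can be filled by p threads concurrently; every slice boundary is a synchronisation point. libsodium's own crypto_pwhash calls Argon2 with a single lane, so for it the layout is always the p = 1 row of this model. Function and variable names are this example's own.

```python
"""Added example: how Argon2's parallelism degree p partitions memory into
lanes and slices, following RFC 9106 section 3.2.  Not libsodium code."""


def validate_params(m_kib: int, p: int, t: int) -> None:
    """Range checks from RFC 9106 section 3.1."""
    if not 1 <= p <= 2**24 - 1:
        raise ValueError("parallelism p must be in [1, 2^24 - 1]")
    if t < 1:
        raise ValueError("pass count t must be >= 1")
    if m_kib < 8 * p:
        raise ValueError("memory m must be at least 8*p KiB")


def memory_layout(m_kib: int, p: int) -> dict:
    """Split m KiB of 1 KiB blocks across p lanes.

    m' = 4 * p * floor(m / (4p))   blocks actually used (rounded down)
    q  = m' / p                    blocks (columns) per lane
    SL = q / 4                     blocks per segment (one lane, one slice)
    """
    validate_params(m_kib, p, 1)
    m_prime = 4 * p * (m_kib // (4 * p))
    q = m_prime // p
    return {"m_prime": m_prime, "q": q, "segment_length": q // 4}


def segment_blocks(lane: int, slice_idx: int, q: int) -> range:
    """Column indices of `lane` that belong to slice `slice_idx` (0..3)."""
    sl = q // 4
    return range(slice_idx * sl, (slice_idx + 1) * sl)


def schedule(p: int, q: int):
    """Yield (slice, [(lane, columns), ...]) in execution order for one pass.

    All p segments of a slice may run concurrently on p threads; the next
    slice starts only after every lane has finished the current one, so a
    pass has exactly four synchronisation points regardless of p.
    """
    for s in range(4):
        yield s, [(lane, segment_blocks(lane, s, q)) for lane in range(p)]


def threads_that_help(p: int, cores: int) -> int:
    """Number of cores Argon2 can actually use: never more than p lanes."""
    return min(p, cores)


if __name__ == "__main__":
    layout = memory_layout(65536, 4)  # 64 MiB of blocks, 4 lanes (constructed input)
    print(layout)
    for s, work in schedule(4, layout["q"]):
        cols = ", ".join(f"lane {lane} cols {r.start}-{r.stop - 1}" for lane, r in work)
        print(f"slice {s}: {cols}")
    print("usable cores with p=1:", threads_that_help(1, 8))
    print("usable cores with p=4:", threads_that_help(4, 8))
```

The last two lines show the trade-off the thread was about: with p = 1 a machine with spare cores gains nothing, while p = 4 lets a desktop spread the same m' blocks over four threads without reducing the memory an attacker must provision per guess.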