paulgreg / UniquePasswordBuilder

A bookmarklet to generate strong password per site
https://paulgreg.me/UniquePasswordBuilder/
MIT License

argon2 memory complexity is fixed at 1MB #22

Open divVerent opened 5 years ago

divVerent commented 5 years ago

https://github.com/paulgreg/UniquePasswordBuilder/blob/9b5929dcf5a43e8ce8fd33a6f5a2055c99b82ab1/src/passwordgeneration.js#L96

For some reason, the memory size of Argon2 is not specified but always left at a default of 1024 KB. This is in no way bad right now, but having this configurable would be rather nice.

Given the default difficulty setting is 10 and the default memory size is 1024, I suggest that a future version (with incompatible passwords - e.g. as an additional mode) should set the memory complexity of argon2 to pow(2, difficulty).

Alternatively, for Argon2 a second input field, for memory complexity, could be offered. That would even be a compatible change.

divVerent commented 5 years ago

I should mention that the reference implementation of Argon2 defaults differently:

https://github.com/P-H-C/phc-winner-argon2

So it uses 3 iterations (UPB: 10) and 4MB RAM (UPB: 1MB).

So another probably good change in the long run would be increasing the default memory size to 4MB (2^12).

paulgreg commented 5 years ago

Thanks for that feedback. Yes, we could update the default but, as you said, it would break the current compatibility.

divVerent commented 5 years ago

So maybe let's eventually get a second input field for, say, "memory difficulty" when using Argon2? Can keep the defaults then, and everyone can then choose the values according to their own paranoia.

(BTW: Argon2 recommendation by IETF is to set memory as high as acceptable while using 1 iteration, and then fine tune with the iteration count)

paulgreg commented 5 years ago

Yes. However, the problem with memory settings is that you can set a value using a powerful desktop which may cause issues on a less performant device (like your phone) that you'll notice only later.

divVerent commented 5 years ago

Yes, I noticed - given my slowest device is a Fire HD 8 tablet, my highest options are 16M with 1 round (as per recommendations by IETF on how to tune Argon2). It takes 3 seconds then, about my threshold of patience.

The default of the reference implementation BTW would be 4M at 3 rounds, and 1M at 16 rounds takes similarly long.

BTW it would probably help if we could get the WebAssembly version of argon2 to work - but I don't believe we should rely on that for performance. And even that is still like 100 times slower than the command line binary.

Still it would be nice to have that configurable, or at least a set of Argon2 presets with different memory sizes.

In any case, thanks for your great work!

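An added example, not code from UniquePasswordBuilder or its author: it derives Argon2 parameters from the existing "difficulty" field plus the "memory difficulty" field proposed above, and tunes them the way the IETF guidance quoted in the thread describes (raise memory first at one pass, then add passes), using a constructed cost model fitted to the timings quoted here. `argon2Params`, `tuneArgon2`, `slowTabletMs` and `measureMs` are assumed names.

```javascript
// Added example, not UniquePasswordBuilder's own code. Builds Argon2 parameters from the
// two fields discussed in this thread and tunes them per the IETF guidance quoted above:
// raise memory first at one pass, then add passes. All names here are assumed.

// Argon2 rejects memory below 8 KiB per lane; memoryDifficulty m means 2^m KiB.
const MIN_KIB_PER_LANE = 8;
const MAX_PASSES = 64; // guard against a measure function that reports ~0 ms

function argon2Params(difficulty, memoryDifficulty, parallelism = 1) {
  if (!Number.isInteger(difficulty) || difficulty < 1) {
    throw new RangeError('difficulty (passes) must be a positive integer');
  }
  if (!Number.isInteger(memoryDifficulty) || memoryDifficulty < 3) {
    throw new RangeError('memory difficulty must be an integer >= 3');
  }
  const mem = 2 ** memoryDifficulty;
  if (mem < MIN_KIB_PER_LANE * parallelism) {
    throw new RangeError('memory must be at least 8 KiB per lane');
  }
  return { time: difficulty, mem, parallelism }; // mem in KiB, as argon2 libraries expect
}

// Current UPB behaviour per the issue: difficulty 10 with memory fixed at 1024 KiB (2^10).
const UPB_DEFAULT = argon2Params(10, 10);
// The proposed incompatible mode, memory = pow(2, difficulty), is simply argon2Params(d, d).

// measureMs(params) must run the real KDF on the target device and return elapsed ms.
// maxMemoryDifficulty caps memory so the result still fits the weakest device you own.
function tuneArgon2(measureMs, budgetMs, maxMemoryDifficulty = 20) {
  let m = null;
  for (let cand = 3; cand <= maxMemoryDifficulty; cand++) {
    if (measureMs(argon2Params(1, cand)) > budgetMs) break;
    m = cand;
  }
  if (m === null) return null; // even 8 KiB at one pass is over budget
  let t = 1;
  while (t < MAX_PASSES && measureMs(argon2Params(t + 1, m)) <= budgetMs) t++;
  return argon2Params(t, m);
}

// Constructed cost model matching the timings quoted in this thread: 16 MiB at one pass
// takes about 3 s on the slowest device, and 1 MiB at 16 passes takes about as long.
const MS_PER_MIB_PASS = 3000 / 16;
const slowTabletMs = (p) => (p.mem / 1024) * p.time * MS_PER_MIB_PASS;
```

Run `tuneArgon2` with a real timing function on each device and keep the smallest result, which is the practical answer to the desktop-versus-phone concern raised above.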