tvallotton / rocket_auth

An implementation for an authentication API for Rocket applications.
https://docs.rs/rocket_auth/
Apache License 2.0
73 stars 36 forks

Default Argon2 config does not meet OWASP minimum security #59

Open Ravenslofty opened 1 year ago

Ravenslofty commented 1 year ago

I was going through this crate to decide whether I should use it for a personal project, and I noticed that the rust-argon2 defaults are used:

https://github.com/tvallotton/rocket_auth/blob/1a7011fd6d2e8b818fbc0e504135d11212472409/src/user/users.rs#L201-L208

https://github.com/tvallotton/rocket_auth/blob/1a7011fd6d2e8b818fbc0e504135d11212472409/src/user/user_impl.rs#L26-L34

(By the way, create_user uses a 30-byte salt, but set_password only uses a 10-byte salt. That seems... weird, and RFC 9106 section 3.1 recommends 16-byte salts.)

Going through the rust-argon2 crate, we can see in a test that the defaults are configured to Argon2i, m=4096, t=3, p=1 (the mem_cost, time_cost and lanes parameters).

However, the OWASP guidelines that match most closely suggest that Argon2id, m=12288, t=3, p=1 should be used instead. One blog agrees with these values, although another (see "Password Hashing") recommends Argon2id, m=65536, t=3, p=1.

Either way, even though I'm no cryptographer, I think there's a consensus here that the defaults of the rust-argon2 crate are not secure enough. While I'm aware that there's a 0.5 major version in the works, it would be nice if you could release a 0.4.1 with the defaults improved.
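An added example, not part of the issue or of rocket_auth's code: a Rust function that audits stored Argon2 hashes against the figures quoted in the comment above (Argon2id, m=12288, t=3, and a 16-byte salt), so that rows needing a rehash can be found. It assumes hashes are stored in the standard encoded form `$argon2i$v=19$m=4096,t=3,p=1$<salt>$<hash>`; the name `audit_encoded` and the constants are hypothetical.

```rust
// Thresholds taken from the issue text (assumption: these are the values you adopt).
const MIN_M: u32 = 12288;
const MIN_T: u32 = 3;
const MIN_SALT_BYTES: usize = 16;

/// Returns a list of findings; an empty list means the hash meets the thresholds.
/// Err means the string is not a well-formed encoded Argon2 hash.
fn audit_encoded(encoded: &str) -> Result<Vec<String>, String> {
    let parts: Vec<&str> = encoded.split('$').collect();
    // The leading '$' yields an empty first field:
    // ["", variant, version, params, salt, hash]
    if parts.len() != 6 || !parts[0].is_empty() {
        return Err("not an encoded Argon2 hash".into());
    }
    let (variant, params, salt) = (parts[1], parts[3], parts[4]);
    let (mut m, mut t) = (None, None);
    for kv in params.split(',') {
        let (k, v) = kv.split_once('=').ok_or("malformed parameter")?;
        let v: u32 = v.parse().map_err(|_| format!("bad value for {k}"))?;
        match k {
            "m" => m = Some(v),
            "t" => t = Some(v),
            _ => {} // p and any other fields are not checked here
        }
    }
    let (m, t) = (m.ok_or("missing m")?, t.ok_or("missing t")?);
    let mut findings = Vec::new();
    if variant != "argon2id" {
        findings.push(format!("variant is {variant}, expected argon2id"));
    }
    if m < MIN_M { findings.push(format!("m={m} is below {MIN_M}")); }
    if t < MIN_T { findings.push(format!("t={t} is below {MIN_T}")); }
    // Unpadded base64: every 4 characters carry 3 bytes.
    let salt_bytes = salt.len() * 3 / 4;
    if salt_bytes < MIN_SALT_BYTES {
        findings.push(format!("salt is {salt_bytes} bytes, below {MIN_SALT_BYTES}"));
    }
    Ok(findings)
}

fn main() {
    // Constructed sample: rust-argon2 default parameters with a 10-byte salt.
    let sample = "$argon2i$v=19$m=4096,t=3,p=1$AAAAAAAAAAAAAA$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    println!("{:?}", audit_encoded(sample));
}
```

OWASP lists several memory/iteration pairs of comparable cost, so a deployment that chose a different pair should change the constants rather than treat every finding as a defect.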

Ravenslofty commented 1 year ago

Actually, given that rust-argon2 has known unsoundness for the past 2 years, perhaps it would be a good idea to migrate to argon2 from https://github.com/RustCrypto/password-hashes?