![]() ![]() Set the parallelism and memory parameters to the largest amount you are willing to afford, bearing in mind that you probably don't want to max these out completely unless your machine is dedicated to password hashing.The recommended process for choosing the parameters can be paraphrased as follows: Picking the right parameters for Argon2 depends heavily on the machine that the algorithm is running on, and you'll probably need to do some experimentation in order to set them appropriately. So - for example - running Argon2 with a parallelism parameter of 2 will result in a different password hash to running it with a parallelism parameter of 4. There's an important thing to note here though: changing the value of the parallelism parameter changes the output of the algorithm. This controls the number of threads that the work is spread across. If the Argon2 algorithm is running on a machine with multiple cores, then one way to decrease the runtime without reducing the cost is to increase the parallelism parameter. If you're generating the hash in response to a user action (like signing up or logging in to a website) then you probably want to keep the runtime to less than 500ms to avoid a negative user experience. As you increase the cost, the time taken to generate the hash also increases. It also follows that the greater the cost will be for any attacker trying to guess the password.īut there's a balance that you need to strike. The higher these figures are, the greater the cost of generating the hash. The memory and iterations parameters control the computational cost of hashing the password. Key length - Length of the generated key (or password hash).16 bytes is recommended for password hashing. Salt length - Length of the random salt.Parallelism - The number of threads (or lanes) used by the algorithm.Iterations - The number of iterations (or passes) over the memory.Memory - The amount of memory used by the algorithm (in kibibytes).The Argon2 algorithm accepts a number of configurable parameters: This is essentially a hybrid of the Argon2d and Argon2i algorithms and uses a combination of data-independent memory access (for resistance against side-channel timing attacks) and data-depending memory access (for resistance against GPU cracking attacks). In general, for password hashing you should use the Argon2id variant. It's important to explain that the Argon2 algorithm has 3 variants which work slightly differently: Argon2d, Argon2i and Argon2id. In the rest of this post I'm going to explain exactly how to use this pure Go approach. The tvdburgt/go-argon2 package provides Go bindings to the libargon2 C library, or you can implement a pure Go solution by wrapping the /x/crypto/argon2 package with helpers for hashing and verifying passwords. If you want to use Argon2 - which is widely considered to be the best in class KDF for hashing passwords - then you've got a couple of choices. ![]() Hashing and verifying passwords in Go with Bcrypt and Scrypt is already easy to do thanks to the /x/crypto/bcrypt package and Matt Silverlock's elithrar/simple-scrypt package. ![]() If you're planning to store user passwords it's good practice (essential really) to hash them using a computationally expensive key-derivation function (KDF) like Bcrypt, Scrypt or Argon2. Thanks to Andreas Auernhammer, author of the /x/crypto/argon2 package, for checking over this post before publication. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |