On 2016-08-06 17:47, Charles R. Portwood II wrote:
Absolutely. What are your thoughts on the following cost factors?
time_cost = 3
memory_cost = 12
threads = 1
The reference library provides a CLI program where these values are
listed. A memory_cost factor of 12 would be 4 MiB.
Looks like there's already some ambiguity in the parameters.
As I understand it, m_cost is the memory size in kilobytes.
Thus, m_cost = 4096 would be 4 MiB.
The source file you referenced [1] has actually LOG_M_COST_DEF,
where m_cost = 1 << LOG_M_COST_DEF.
Testing with argon2_cffi [2] (Python) shows that your parameters
(with m_cost = 4096 = 4 MiB) take 57 ms per hash on my laptop
and 14 ms on my VPS, compared to bcrypt cost 10 taking 88 ms.
Personally, I would be satisfied with even smaller parameters,
maybe something like memory_cost 512, time_cost 2, threads 2.
Disclaimer: I'm not familiar with Argon2, I only looked shortly
at the source files and the Python library [2]. However, care
should be taken to use the correct definition for m_cost.
[1] https://github.com/P-H-C/phc-winner-argon2/blob/master/src/run.c#L27
[2] http://argon2-cffi.readthedocs.io/en/stable/parameters.html
--
Lauri Kenttä
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
