Finding the right parameters for a password hashing algorithm is a daunting task.
The authors of Argon2 specified a method in their paper but it should be noted that they also mention that no value for
memory_cost is actually insecure (cf. section 6.4).
- Choose whether you want Argon2i or Argon2d (type). If you don’t know what that means, choose Argon2i (
- Figure out how many threads can be used on each call to Argon2 (parallelism). They recommend twice as many as the number of cores dedicated to hashing passwords.
- Figure out how much memory each call can afford (
- Choose a salt length. 16 Bytes are fine.
- Choose a hash length (hash_len). 16 Bytes are fine.
- Figure out how long each call can take. One recommendation for concurrent user logins is to keep it under 0.5ms.
- Measure the time for hashing using your chosen parameters. Pick a time_cost that is within your accounted time. If time_cost=1 takes too long, lower
argon2_cffi’s CLI will help you with this process.
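The measuring step above, as an added Python example that is not part of argon2-cffi’s own code or CLI: it walks time_cost upward until a call exceeds the time budget and, when time_cost=1 is already too slow, halves memory_cost (the knob this example chooses to lower). The search only needs a cost function, so it runs without argon2-cffi; argon2_hash (the real measurement through argon2.low_level.hash_secret_raw) assumes argon2-cffi is installed, and the budget and starting memory in the main block are constructed values, not recommendations.

```python
import os
import time
from typing import Callable, Optional, Tuple

CostFn = Callable[[int, int, int], float]  # (time_cost, memory_cost KiB, parallelism) -> seconds per call


def timed(hash_fn: Callable[[int, int, int], None], rounds: int = 3) -> CostFn:
    """Wrap a hashing callable into a CostFn reporting the median wall-clock time of `rounds` calls."""
    def cost(time_cost: int, memory_cost: int, parallelism: int) -> float:
        samples = []
        for _ in range(rounds):
            start = time.perf_counter()
            hash_fn(time_cost, memory_cost, parallelism)
            samples.append(time.perf_counter() - start)
        return sorted(samples)[rounds // 2]
    return cost


def find_time_cost(cost: CostFn, budget_s: float, memory_cost: int,
                   parallelism: int, max_time_cost: int = 64) -> Optional[int]:
    """Largest time_cost whose call fits budget_s; None if time_cost=1 is already too slow.
    Cost grows with time_cost, so the first miss ends the search."""
    best = None
    for time_cost in range(1, max_time_cost + 1):
        if cost(time_cost, memory_cost, parallelism) > budget_s:
            break
        best = time_cost
    return best


def tune(cost: CostFn, budget_s: float, memory_cost: int, parallelism: int,
         min_memory_cost: int = 8 * 1024) -> Optional[Tuple[int, int]]:
    """Halve memory_cost until time_cost=1 fits, then return (time_cost, memory_cost);
    None if even min_memory_cost is too slow for the budget."""
    while memory_cost >= min_memory_cost:
        time_cost = find_time_cost(cost, budget_s, memory_cost, parallelism)
        if time_cost is not None:
            return time_cost, memory_cost
        memory_cost //= 2
    return None


def argon2_hash(time_cost: int, memory_cost: int, parallelism: int) -> None:
    """One real Argon2i call via argon2-cffi (assumed installed); memory_cost is in KiB."""
    from argon2.low_level import Type, hash_secret_raw  # import here so the search runs without it
    hash_secret_raw(b"benchmark-only password", os.urandom(16), time_cost=time_cost,
                    memory_cost=memory_cost, parallelism=parallelism, hash_len=16, type=Type.I)


if __name__ == "__main__":
    # Constructed starting point: 250 ms per call, 64 MiB, 2 lanes.
    print(tune(timed(argon2_hash), budget_s=0.25, memory_cost=64 * 1024, parallelism=2))
```

Run the search on the machine that will actually verify logins, with the process count you expect in production, since the budget is per call and the memory is per concurrent call.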