Choosing Parameters
Finding the right parameters for a password hashing algorithm is a daunting task.
The authors of Argon2 specified a method in their paper, but it should be noted that they also mention that no value for time_cost or memory_cost is actually insecure (cf. section 6.4).
- Choose whether you want Argon2i or Argon2d (type). If you don't know what that means, choose Argon2i (argon2.Type.I).
- Figure out how many threads can be used on each call to Argon2 (parallelism). They recommend twice as many as the number of cores dedicated to hashing passwords.
- Figure out how much memory each call can afford (memory_cost).
- Choose a salt length. 16 Bytes are fine.
- Choose a hash length (hash_len). 16 Bytes are fine.
- Figure out how long each call can take. One recommendation for concurrent user logins is to keep it under 0.5ms.
- Measure the time for hashing using your chosen parameters. Find a time_cost that is within your accounted time. If time_cost=1 takes too long, lower memory_cost.
argon2_cffi's CLI will help you with this process.
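The measurement step above written out as a small calibration loop, added here as an example that is not part of the argon2-cffi documentation: it keeps the largest time_cost that stays within a time budget and halves memory_cost whenever even time_cost=1 is too slow. It assumes argon2-cffi is installed for the real timer (argon2.low_level.hash_secret_raw); the timer callable abstraction, the tune function and its names are my own constructions.

```python
import os
import sys
import time
from typing import Callable

# timer(time_cost, memory_cost_kib, parallelism) -> seconds for one hash.
Timer = Callable[[int, int, int], float]


def measure_argon2(time_cost: int, memory_cost: int, parallelism: int,
                   repeats: int = 3) -> float:
    """Best-of-N wall-clock seconds for one Argon2i hash (needs argon2-cffi)."""
    from argon2.low_level import Type, hash_secret_raw  # assumed installed
    secret = b"calibration-only-password"  # constructed throwaway input
    salt = b"\x00" * 16                     # 16-byte salt, as the page suggests
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        hash_secret_raw(secret, salt, time_cost=time_cost, memory_cost=memory_cost,
                        parallelism=parallelism, hash_len=16, type=Type.I)
        best = min(best, time.perf_counter() - start)
    return best


def tune(budget_s: float, memory_cost: int, parallelism: int,
         timer: Timer = measure_argon2, max_time_cost: int = 64):
    """Return (time_cost, memory_cost) following the page's procedure.

    Start from the memory you can afford and keep the largest time_cost whose
    hash stays within budget_s. If even time_cost=1 is over budget, halve
    memory_cost and retry. Argon2 requires memory_cost >= 8 * parallelism.
    """
    floor = 8 * parallelism
    while memory_cost >= floor:
        if timer(1, memory_cost, parallelism) > budget_s:
            memory_cost //= 2
            continue
        time_cost = 1
        while (time_cost < max_time_cost
               and timer(time_cost + 1, memory_cost, parallelism) <= budget_s):
            time_cost += 1
        return time_cost, memory_cost
    raise ValueError(f"nothing stays within {budget_s}s at memory_cost>={floor} KiB")


if __name__ == "__main__":
    # Page's recommendation: twice the number of cores dedicated to hashing.
    threads = 2 * (os.cpu_count() or 1)
    budget = float(sys.argv[1]) if len(sys.argv) > 1 else 0.0005  # page's 0.5ms
    print(tune(budget, memory_cost=65536, parallelism=threads))
```

Run it with the per-call budget in seconds as the only argument; the tuple it prints is the time_cost and memory_cost (in KiB) that fit on the machine it ran on.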