
what parameters to set #2

Open
sidielnikov opened this issue Oct 23, 2023 · 3 comments

Comments

@sidielnikov

sidielnikov commented Oct 23, 2023

Hi Lucas, please tell me what the approximate values of the parameters timecost, spacecost and delta should be, in terms of calculation speed and security?

@samuel-lucas6
Owner

This is difficult to answer because there's no official guidance on the parameters. The default parameters in Rust Crypto (the main implementation) can be found here (the delta is fixed at 3). A delta (δ) of 7 is mentioned in the paper as improving security.

One of the authors of the paper says:

The right way to set the parameters for any of these functions is to set the memory parameter to the largest value that you can tolerate (with the minimal time parameter). Then increase the time parameter to the largest value you can tolerate. Memory is the expensive resource, so this parameter setting will maximize the attacker's cost, subject to whatever resource constraints you (the defender) have.

This is standard password hashing guidance, although it's useful to know some baseline values and generic recommendations. I read something about the parameters being lower than Argon2 somewhere. The efficiency depends on the chosen hash function though, like this would be better with BLAKE2b.
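The parameter-setting procedure quoted above (largest space cost that fits the time budget, then raise the time cost), as an added example in Python that is not the project's own code. The Balloon core follows the paper's expand/mix/extract structure with BLAKE2b; the counter and index encodings, the calibration inputs and the helper names `seconds` and `calibrate` are assumptions for illustration, so its output does not match any particular library.

```python
import hashlib
import time

DELTA = 3  # the delta the Rust Crypto defaults fix; the paper notes 7 adds security

def _h(counter: int, *parts: bytes) -> bytes:
    # Assumed encoding: 8-byte little-endian counter, then the parts, into BLAKE2b-512.
    h = hashlib.blake2b(counter.to_bytes(8, "little"))
    for p in parts:
        h.update(p)
    return h.digest()

def balloon(password: bytes, salt: bytes, space_cost: int, time_cost: int, delta: int = DELTA) -> bytes:
    """Balloon hash: expand a buffer of space_cost blocks, mix it time_cost rounds, extract."""
    cnt, buf = 0, [b""] * space_cost
    buf[0] = _h(cnt, password, salt)                   # step 1: expand (hash chain)
    cnt += 1
    for m in range(1, space_cost):
        buf[m] = _h(cnt, buf[m - 1])
        cnt += 1
    for t in range(time_cost):                         # step 2: mix
        for m in range(space_cost):
            buf[m] = _h(cnt, buf[m - 1], buf[m])       # buf[-1] wraps to the last block
            cnt += 1
            for i in range(delta):                     # delta salt-derived random neighbours
                idx = b"".join(x.to_bytes(8, "little") for x in (t, m, i))
                other = int.from_bytes(_h(cnt, salt, idx), "little") % space_cost
                cnt += 1
                buf[m] = _h(cnt, buf[m], buf[other])
                cnt += 1
    return buf[-1]                                     # step 3: extract

def seconds(space_cost: int, time_cost: int) -> float:
    """Wall-clock cost of one hash on constructed inputs (hypothetical helper)."""
    start = time.perf_counter()
    balloon(b"calibration-password", b"calibration-salt", space_cost, time_cost)
    return time.perf_counter() - start

def calibrate(budget_s: float, space_candidates: list) -> tuple:
    """Largest space_cost whose single-round cost fits the budget, then the time_cost
    the remaining budget allows (mix cost grows linearly with time_cost)."""
    space, one_round = space_candidates[0], seconds(space_candidates[0], 1)
    for s in space_candidates[1:]:
        cost = seconds(s, 1)
        if cost > budget_s:
            break
        space, one_round = s, cost
    return space, max(1, int(budget_s / max(one_round, 1e-9)))
```

Run `calibrate` on the machine that will verify passwords, with candidates in blocks of 64 bytes, and treat the result as a floor that is re-measured when hardware changes.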

@sidielnikov
Author

Thanks a lot for your help

@samuel-lucas6
Owner

This paper actually suggests you need more memory/Balloon is less resistant to some attacks than Argon2i due to the smaller block size (Section 6.4).

This paper says Argon2i has higher cumulative memory cost and is more depth-robust than Balloon. However, I've not read these papers properly and wouldn't understand them completely if I tried.

The best shout would probably be asking Steve Thomas to add Balloon to his Minimum Password Settings page.
