-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
what parameters to set #2
Comments
This is difficult to answer because there's no official guidance on the parameters. The default parameters in Rust Crypto (the main implementation) can be found here (the delta is fixed at 3). A delta (δ) of 7 is mentioned in the paper as improving security. One of the authors of the paper says:
This is standard password hashing guidance, although it's useful to know some baseline values and generic recommendations. I read something about the parameters being lower than Argon2 somewhere. The efficiency depends on the chosen hash function though, like this would be better with BLAKE2b. |
Thanks a lot for your help |
This paper actually suggests you need more memory/Balloon is less resistant to some attacks than Argon2i due to the smaller block size (Section 6.4). This paper says Argon2i has higher cumulative memory cost and is more depth-robust than Balloon. However, I've not read these papers properly and wouldn't understand them completely if I tried. The best shout would probably be asking Steve Thomas to add Balloon to his Minimum Password Settings page. |
Hi Lucas, please tell me what the approximate value of the parameters in timecost spacecost delta? In terms of calculation speed and security
The text was updated successfully, but these errors were encountered: