Details for the interested implementer: there is a lot of bad software floating around out there; be careful and do your due diligence.
Use the argon2id function. If the language binding does not expose argon2id, but only argon2i and argon2d, then it is outdated: avoid it. If the underlying library has not been updated past 2016 (argon2 v1.3), it implements an older revision of the function: avoid it. (Some language bindings ship with an embedded copy of the library, so check that copy's version, not just the binding's.)
Algorithm for picking the correct values on the target server hardware (run it on the machine that will actually verify passwords, not on a developer laptop):
    const PASSPHRASE := 6 random words from dictionary
    const SALT := 16 bytes from urandom
    const DURATION := 0.5   ### seconds, or greater; this is the maximum amount
                            ### of time you are willing for your user to wait
    mut T_COST := 1
    mut M_FACTOR := 4096    ### mebibytes; printed below as e.g. "4096M"
    const PARALLELISM := `nproc`
    const TAG_SIZE := 16    ### bytes, or 128 bits
    while {
        const TIMER := benchtime argon2id(
            PASSPHRASE, SALT, T_COST, M_FACTOR,
            PARALLELISM, TAG_SIZE
        )
        if TIMER > DURATION {
            if 1 === T_COST {
                reduce M_FACTOR   ### e.g. divide by a constant; one pass must fit first
                jump to top of while
            } else {
                jump out of while ### the last line printed is the parameter set to use
            }
        }
        print T_COST, concat(M_FACTOR, 'M'), TIMER
        T_COST := T_COST + 1
    }
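The loop above, as an added worked example (not the page's own code): a Python implementation that times argon2id via the argon2-cffi package (an assumed dependency; its hash_secret_raw takes memory in KiB), starts at one pass with a 4096M budget, halves memory until a single pass fits the time budget, then raises the pass count until the next pass would exceed it. The constructed simulated_timer is there so the selection logic can be exercised offline without allocating gigabytes; the passphrase, floor of 8M and halving factor are choices of this example, not of the page.

```python
"""Tune argon2id parameters on the machine that will verify passwords.

Added example, not the page's own code. It implements the page's loop:
start at T_COST = 1 with a large memory budget, halve the memory until a
single pass fits the time budget, then raise T_COST until the next pass
would exceed it. The last set that fit is the one to use.
"""
import os
import secrets
import time
from typing import Callable, Optional, Tuple

# A timer takes (t_cost, m_cost_kib, parallelism) and returns the seconds one
# argon2id evaluation with those parameters took.
Timer = Callable[[int, int, int], float]

TAG_SIZE = 16                       # bytes, 128 bits, as in the page
SALT = secrets.token_bytes(16)      # 16 bytes from the OS CSPRNG
# Constructed passphrase; its length barely affects argon2's cost.
PASSPHRASE = b"correct horse battery staple swordfish xyzzy"


def argon2id_timer(t_cost: int, m_cost_kib: int, parallelism: int) -> float:
    """Time one real argon2id evaluation. Assumes the argon2-cffi package."""
    from argon2.low_level import Type, hash_secret_raw  # assumed dependency
    start = time.perf_counter()
    hash_secret_raw(PASSPHRASE, SALT, t_cost, m_cost_kib, parallelism,
                    TAG_SIZE, Type.ID)
    return time.perf_counter() - start


def simulated_timer(seconds_per_pass_per_gib: float) -> Timer:
    """Constructed cost model for offline runs and tests: time grows linearly
    with passes and memory; parallelism is ignored for simplicity."""
    def timer(t_cost: int, m_cost_kib: int, parallelism: int) -> float:
        return t_cost * (m_cost_kib / (1024 * 1024)) * seconds_per_pass_per_gib
    return timer


def tune_argon2id(timer: Timer, duration: float = 0.5,
                  start_m_cost_kib: int = 4096 * 1024,
                  parallelism: Optional[int] = None,
                  min_m_cost_kib: int = 8 * 1024,
                  verbose: bool = False) -> Tuple[int, int, int, float]:
    """Return (t_cost, m_cost_kib, parallelism, seconds) for the costliest
    parameter set whose evaluation stays within `duration` seconds."""
    if parallelism is None:
        parallelism = os.cpu_count() or 1   # the page's `nproc`
    # argon2 rejects memory below 8 KiB per lane; keep the floor above that.
    min_m_cost_kib = max(min_m_cost_kib, 8 * parallelism)
    t_cost, m_cost_kib = 1, start_m_cost_kib
    chosen = None
    while True:
        elapsed = timer(t_cost, m_cost_kib, parallelism)
        if elapsed > duration:
            if t_cost == 1:
                # Even a single pass is too slow: halve the memory and retry.
                m_cost_kib //= 2
                if m_cost_kib < min_m_cost_kib:
                    raise RuntimeError("no argon2id parameter set fits the time budget")
                continue
            break  # the previous t_cost was the last one that fit
        chosen = (t_cost, m_cost_kib, parallelism, elapsed)
        if verbose:
            print(t_cost, f"{m_cost_kib // 1024}M", f"{elapsed:.3f}s")
        t_cost += 1
    return chosen


if __name__ == "__main__":
    # Real measurement; needs argon2-cffi and enough RAM for the starting budget.
    t, m, p, secs = tune_argon2id(argon2id_timer, duration=0.5, verbose=True)
    print(f"use: time_cost={t} memory_cost={m} KiB ({m // 1024}M) "
          f"parallelism={p} ({secs:.3f}s)")
```

Run it as a script on the production verification host; the last line printed in verbose mode is the set to deploy. Timings from the simulated model are only for checking the selection logic, never for picking real parameters.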
Language bindings to the argon2 library rarely document how to pick good parameters, because binding authors tend to neither understand nor care about the security trade-off; the values suggested in their synopses are laughably low. Compare them with the expert recommendations in https://password-hashing.net/argon2-specs.pdf chap. 6.4, 8, 9 and https://tools.ietf.org/html/draft-irtf-cfrg-argon2#section-4 .