-
-
Notifications
You must be signed in to change notification settings - Fork 959
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Write CLI helper for recommending Argon2 parameters #723
Comments
After reading https://www.twelve21.io/how-to-choose-the-right-parameters-for-argon2/ I think we could also add a "auto" mode where you configure the argon2 execution time and then kratos determines the right parameters on start. Setting the values manually should still be possible though. |
I thought about that also, but one problem with that is that the process would take quite a while to start in order to compute the correct parameters. Maybe we simply enforce Argon2 configuration and if it is not set we show an error that explains what needs to be done? |
I mean if you use the auto mode you should expect it to boot longer. But then the hardware doesn't change, so it would actually be better to determine it once and done. |
This patch adds the new command "hashers argon2 calibrate" which allows one to pick the desired hashing time for password hashing and then chooses the optimal parameters for the hardware the command is running on: ``` $ kratos hashers argon2 calibrate 500ms Increasing memory to get over 500ms: took 2.846592732s in try 0 took 6.006488824s in try 1 took 4.42657975s with 4.00GB of memory [...] Decreasing iterations to get under 500ms: took 484.257775ms in try 0 took 488.784192ms in try 1 took 486.534204ms with 3 iterations Settled on 3 iterations. { "memory": 1048576, "iterations": 3, "parallelism": 32, "salt_length": 16, "key_length": 32 } ``` Closes #723 Closes #572 Closes #647
Is your feature request related to a problem? Please describe.
See https:/bburman/Twelve21.PasswordStorage
Additional context
#722
#647
The text was updated successfully, but these errors were encountered: