Write CLI helper for recommending Argon2 parameters #723
Comments
aeneasr
added
feat
|
After reading https://www.twelve21.io/how-to-choose-the-right-parameters-for-argon2/ I think we could also add a "auto" mode where you configure the argon2 execution time and then kratos determines the right parameters on start. Setting the values manually should still be possible though. |
|
I thought about that also, but one problem with that is that the process would take quite a while to start in order to compute the correct parameters. Maybe we simply enforce Argon2 configuration and if it is not set we show an error that explains what needs to be done? |
|
I mean if you use the auto mode you should expect it to boot longer. But then the hardware doesn't change, so it would actually be better to determine it once and done. |
This patch adds the new command "hashers argon2 calibrate" which allows one to pick the desired hashing time for password hashing and then chooses the optimal parameters for the hardware the command is running on:
```
$ kratos hashers argon2 calibrate 500ms
Increasing memory to get over 500ms:
took 2.846592732s in try 0
took 6.006488824s in try 1
took 4.42657975s with 4.00GB of memory
[...]
Decreasing iterations to get under 500ms:
took 484.257775ms in try 0
took 488.784192ms in try 1
took 486.534204ms with 3 iterations
Settled on 3 iterations.
{
"memory": 1048576,
"iterations": 3,
"parallelism": 32,
"salt_length": 16,
"key_length": 32
}
```
Closes #723
Closes #572
Closes #647
Is your feature request related to a problem? Please describe.
See https:/bburman/Twelve21.PasswordStorage
Additional context
#722
#647
The text was updated successfully, but these errors were encountered: