
How fast is too fast? 50ms? 500ms?

For example, Argon2d time=1 threads=1 mem=65536 takes 50ms with today's EC2; is that "good enough"?

Obviously depends on attackers' resources and password entropy, but I'm only looking for a rule of thumb applicable to typical website owners; not looking for a formula or anything.

davidtgq
  • Those are both fine. A long time supposedly equates to more security, but I doubt a lot of attackers even mess with bruteforcing proper PWH. Know that regular hashes crack at billions/sec on a single machine, so 50ms (200 guesses/sec), or even 5ms, is astronomically longer (safer). – dandavis Oct 23 '17 at 23:05

1 Answer


Minimum time? You want the hash function to take as long as you find tolerable for your application.

You suggested 50ms and 500ms. While 50ms is just too fast, 500ms is just a little too slow. In 2015, @Thomas Pornin recommended a minimal speed of 241ms. That was the recommendation 2 years ago, so you might want to go just a little higher, for example 270ms.

By all means you can use your 500ms, but only if that's not too slow for your application.

Joe
  • In terms of ptime, there's not a lot of difference between 50 and 500, or anywhere in between: your security should not "hinge" on a single power of ten, since attackers can use 10 systems (or 100,000). – dandavis Oct 23 '17 at 23:02
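The calibration that the question and the answer both circle around, as an added example that is not code from either poster: time the hash on your own hardware, raise the cost parameter until it meets a target, then turn the resulting time per hash into the attacker's offline guess rate for a given number of cores. It uses `hashlib.scrypt` from the Python standard library in place of Argon2 (the loop is the same with argon2-cffi's `PasswordHasher`, which is not assumed to be installed); the password, the 40-bit entropy figure and the core counts are constructed sample values.

```python
import hashlib
import os
import time

# scrypt stands in for Argon2 because it ships with Python; the calibration
# loop is identical for argon2-cffi's PasswordHasher, only the knob differs
# (time_cost / memory_cost instead of log2_n).
def scrypt_hash(password: bytes, salt: bytes, log2_n: int) -> bytes:
    """Derive a 32-byte hash with CPU/memory cost 2**log2_n (r=8, p=1)."""
    return hashlib.scrypt(password, salt=salt, n=1 << log2_n, r=8, p=1,
                          maxmem=2 ** 30, dklen=32)

def measure_ms(log2_n: int, rounds: int = 3) -> float:
    """Median wall-clock time of one hash at this cost, in milliseconds."""
    salt = os.urandom(16)
    samples = []
    for _ in range(rounds):
        t0 = time.perf_counter()
        scrypt_hash(b"constructed sample password", salt, log2_n)
        samples.append((time.perf_counter() - t0) * 1000)
    return sorted(samples)[len(samples) // 2]

def calibrate(target_ms: float, measure=measure_ms, lo: int = 10, hi: int = 18) -> int:
    """Smallest log2_n in [lo, hi] whose hash takes at least target_ms.

    Each step doubles both time and memory (2**18 with r=8 is 256 MiB), so
    walk upwards; returns hi if even the largest setting is still too fast.
    """
    for log2_n in range(lo, hi + 1):
        if measure(log2_n) >= target_ms:
            return log2_n
    return hi

def guesses_per_second(ms_per_hash: float, cores: int) -> float:
    """Offline guessing rate for an attacker with `cores` CPUs like yours."""
    return cores * 1000.0 / ms_per_hash

def expected_crack_seconds(entropy_bits: float, ms_per_hash: float, cores: int) -> float:
    """Mean time to hit a password of that entropy: half the keyspace."""
    return 2 ** (entropy_bits - 1) / guesses_per_second(ms_per_hash, cores)

if __name__ == "__main__":
    k = calibrate(250.0)                     # within the answer's 241-270 ms range
    ms = measure_ms(k)
    print(f"log2_n={k}: {ms:.0f} ms per hash on this host")
    for cores in (1, 10, 100_000):           # the comment's "10 systems (or 100,000)"
        days = expected_crack_seconds(40, ms, cores) / 86400
        print(f"  {cores:>7} cores: {guesses_per_second(ms, cores):,.0f} guesses/s,"
              f" 40-bit password in ~{days:,.1f} days")
```

Run it on the machine that will serve logins, not a laptop; the cost you settle on is only meaningful relative to the hardware that pays for it.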