
I would like to hash a user password with Argon2id, then use this hash as the ECDSA private key. I made some tests with Python and passlib.hash and found the following parameters:

  • memory: 32 MB
  • iterations: 100
  • hash length: 32 bytes (the same as ECDSA private key length)
  • parallelism: 1 (I want to make it slow on purpose, and the algorithm will be run on a variety of devices)

With these parameters it takes about 1 second to hash the password on my computer, which is acceptable.

The question is: how to assess whether these parameters are secure enough? Please note that public keys are public, so we don't have the typical situation here as with passwords, where the attacker has limited capabilities to check if a hash is correct unless the database is compromised. Here, with a known public key, the attacker can easily check (offline) whether a generated private key (and thus the Argon2 result) matches the known public key, without needing to gain access to a protected database.

My calculations: Let's say passwords have 12 characters including lowercase letters, uppercase letters and numbers (26+26+10), so at best (with the naïve assumption that passwords are generated randomly) there are about (62^12 or 2^71.45) 3,226,266,762,397,899,821,056 combinations. On average the attacker will need half of the tries to crack the password, which gives us 1,613,133,381,198,949,910,528 tries. That is 51,152,123,959,885 years per single core (1 try == 1 second). We can use thousands of cores at the same time, but it will still need too much time to crack it. Obviously this time will be much shorter in reality, because attackers will rather use dictionary attacks.

Are my assumptions correct that provided parameters are secure enough?

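The pipeline the question describes, as an added example that is not part of the original post: a password-hashing KDF feeds a 32-byte output into a P-256 private scalar, the public key is computed from it, and the same derivation is re-run to check a candidate password against a known public key, which is the offline check the poster points out. The Python standard library has no Argon2id, so `hashlib.scrypt` stands in for it here (the equivalent argon2-cffi call with the poster's parameters is shown in a comment); the curve (P-256), the salt, the sample password and the tiny pure-Python curve arithmetic are all assumptions made for this example, not the poster's code. The last function reproduces the poster's 62^12 arithmetic so the numbers in the question can be checked.

```python
import hashlib

# NIST P-256 (secp256r1) domain parameters (assumed curve for this example).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)


def is_on_curve(point):
    """True for the point at infinity (None) or an affine point on the curve."""
    if point is None:
        return True
    x, y = point
    return (y * y - (x * x * x + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine point addition on P-256; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                       # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add scalar multiplication (demonstration only, not constant-time)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def password_kdf(password: bytes, salt: bytes) -> bytes:
    """32-byte password hash.

    Stand-in: the standard library has no Argon2id, so scrypt is used here.
    With argon2-cffi the equivalent of the poster's parameters would be
      argon2.low_level.hash_secret_raw(password, salt, time_cost=100,
          memory_cost=32 * 1024, parallelism=1, hash_len=32,
          type=argon2.low_level.Type.ID)
    """
    return hashlib.scrypt(password, salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


def derive_private_scalar(password: bytes, salt: bytes) -> int:
    """Map the 32 KDF bytes to a valid P-256 private scalar in [1, N-1].

    N is slightly below 2**256, so a raw 32-byte value can be 0 or >= N, neither of
    which is a valid private key; the value is therefore reduced. The bias this adds
    is about 2**-128 and negligible here.
    """
    raw = int.from_bytes(password_kdf(password, salt), "big")
    return raw % (N - 1) + 1


def public_key(d: int):
    return scalar_mult(d, G)


def password_matches_public_key(password: bytes, salt: bytes, pub) -> bool:
    """Re-derive and compare: the offline check anyone holding the public key can run."""
    return public_key(derive_private_scalar(password, salt)) == pub


def brute_force_estimate(charset_size: int, length: int, seconds_per_guess: float, cores: int):
    """The poster's arithmetic: search space, expected tries, and years (365-day) of wall
    clock at one guess per core every `seconds_per_guess` seconds."""
    combinations = charset_size ** length
    expected_tries = combinations // 2
    years = expected_tries * seconds_per_guess / (cores * 365 * 86400)
    return combinations, expected_tries, years


if __name__ == "__main__":
    salt = b"per-user-salt-0001"             # constructed sample salt
    d = derive_private_scalar(b"correct horse battery", salt)
    pub = public_key(d)
    print("private scalar valid:", 1 <= d < N, "public key on curve:", is_on_curve(pub))
    print("candidate check:", password_matches_public_key(b"correct horse battery", salt, pub))
    print("62^12 estimate:", brute_force_estimate(62, 12, 1.0, 1))
```

Two points the code makes explicit that the question leaves implicit: the KDF output is not usable as a private key until it has been reduced into the curve's scalar range, and the derivation needs a salt, which has to be stored alongside the public key (it cannot be secret, since the user must reproduce the key from the password alone). Whatever is stored next to the public key is available to whoever holds that key, so the salt only prevents precomputation across users; the per-guess cost still comes entirely from the KDF parameters.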