Curious if the default setting for the Argon2Function is good enough with
Replies: 1 comment 1 reply
These are the minimum suggested requirements by OWASP and it's good: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#introduction
Anything stronger than that is better, but it also depends on your system requirements. For example, memory=15/iterations=2 and memory=37/iterations=1 provide the same level of security, but there is a tradeoff between RAM and CPU. If you have more computational power than memory, you should choose the first one.
In any case Password4j provides a tool that can help to choose the right configuration: https://github.com/Password4j/password4j/wiki/Recommended-settings#responsiveness-3 (numbers here are just random examples)
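
The RAM/CPU tradeoff from the reply above can be measured on your own hardware. This is an added example, not code from the reply or from the Password4j project. It assumes the reply's memory figures are MiB (converted to KiB for Password4j), Argon2id, parallelism 1, a 32-byte output and a 16-byte salt; the class and helper names are hypothetical.

```java
import com.password4j.Argon2Function;
import com.password4j.Hash;
import com.password4j.Password;
import com.password4j.types.Argon2;
import java.util.Arrays;

public class Argon2TradeoffDemo { // hypothetical class name

    // Assumed fixed parameters: 1 lane, 32-byte output, Argon2id; memory passed in KiB.
    static Argon2Function argon2id(int memoryMiB, int iterations) {
        return Argon2Function.getInstance(memoryMiB * 1024, iterations, 1, 32, Argon2.ID);
    }

    // Median wall-clock time of several hashes, in milliseconds.
    static long medianHashMillis(Argon2Function fn, String password, int runs) {
        long[] samples = new long[runs];
        for (int i = 0; i < runs; i++) {
            long start = System.nanoTime();
            Password.hash(password).addRandomSalt(16).with(fn);
            samples[i] = (System.nanoTime() - start) / 1_000_000;
        }
        Arrays.sort(samples);
        return samples[runs / 2];
    }

    public static void main(String[] args) {
        String password = "correct horse battery staple"; // constructed sample input
        int[][] configs = { {15, 2}, {37, 1} }; // {memory MiB, iterations} from the reply

        for (int[] c : configs) {
            Argon2Function fn = argon2id(c[0], c[1]);
            medianHashMillis(fn, password, 2); // warm-up so JIT does not skew the timing

            // Round trip: the right password must verify, a wrong one must not.
            Hash hash = Password.hash(password).addRandomSalt(16).with(fn);
            boolean accepts = Password.check(password, hash.getResult()).with(fn);
            boolean rejects = !Password.check("wrong password", hash.getResult()).with(fn);
            if (!accepts || !rejects) throw new IllegalStateException("verification failed");

            System.out.printf("m=%d MiB t=%d: median %d ms per hash%n",
                    c[0], c[1], medianHashMillis(fn, password, 5));
        }
    }
}
```

Run it on the machine that will serve logins, under a realistic number of concurrent hashes, since the memory cost is paid per in-flight hash.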