Evaluate tobtu.com minimum password settings recommendations

[tarcieri]

This guide enumerates the minimum settings required to slow attackers to <10 kH/s/GPU (using RTX 3080 or RX 6800 XT as reference GPUs) for various algorithms we implement:

https://tobtu.com/minimum-password-settings/

It might be a good idea to incorporate them into our documentation and/or use them to inform our recommendations/defaults.

Argon2

• Argon2{id,d}: m=44*1024 (44 MiB), t=1, p=1
• Argon2{id,d}: m=18*1024 (18 MiB), t=2, p=1
• Argon2: m=11*1024 (11 MiB), t=3, p=1
• Argon2: m=8*1024 (8 MiB), t=4, p=1
• Argon2: m=7*1024 (7 MiB), t=5, p=1

In general:

Argon2i: m≥89062.5/(3*t-1)*α, t≥3, p=1 Argon2{id,d}: m≥89062.5/(3*t-1)*α, t≥1, p=1 RTX 3080 12GB memory bandwidth: 89,062.5 = 912,000,000,000/10,000/1024 For low memory usage (≲64 MiB) α≈95%. Once memory usage is high enough α drops proportional to memory increase.

scrypt

• N=2^17 (128 MiB), r=8, p=1
• N=2^16 (64 MiB), r=8, p=2
• N=2^15 (32 MiB), r=8, p=3
• N=2^14 (16 MiB), r=8, p=5
• N=2^13 (8 MiB), r=8, p=9

In general:

scrypt: N≥570000/r/p*α, r=8, p≥1 RTX 3080 12GB memory bandwidth: 570,000 = 912,000,000,000/10,000/128/1.25 For low memory usage (≲64 MiB) α≈95%. Once memory usage is high enough α drops proportional to memory increase.

PBKDF2

• PBKDF2-HMAC-SHA512: 130,000 iterations (Based on RTX 3080 12GB)
• PBKDF2-HMAC-SHA256: 350,000 iterations (Based on RX 6800 XT)
• PBKDF2-HMAC-SHA1: 860,000 iterations (Based on RX 6800 XT)