Argon2id performance

[Ryukote]

Hi,

I just want to check if this is normal experience.

I am using Argon2id and when I set DegreeOfParallelism to 1 and MemorySize to 1024 * 4 it is a LOT faster than when I set DegreeOfParallelism to 4 and MemorySize to 1024*1024.

Shouldn't higher numbers (in the range of my PC can offer) be better for performance?

If that is not the case, why isn't DegreeOfParallelism set to 1 by default and MemorySize to 1024*4 by default?

[gregorylyons]

I'm on a mobile, so you'll have to fact check, however Argon algo allows you to increase the requires amount of memory to increase the "difficulty" of the hash (making brute force largely impossible). It's configurable so you can scale the memory requirements to your security needs.

So it stands to reason a higher setting there would make the hash slower.

[kmaragon]

@gregorylyons is exactly right. Pumping up the parameters to Argon2 are always about increased security. Not increased speed. The premise of Argon2 is the fact that it requires large lanes of memory which make brute forcing nearly impossible, even with quantum computers (without entanglement based memory buses which aren't actually a real thing afaik) - precisely as @gregorylyons said.

So precisely to your parameters, 1024 * 4 - that's using a total of 4096 KB of memory. When you use 1024 * 1024, that's 1GB of memory. While increasing Parallelism by 4x should get you improved performance, you also increased the memory by 256x. So unscientifically, you should be looking at a 64x slowdown. That is, each thready is processing roughly 64x more than your 1 thread in the former case.

The thing about argon2 is that it's precisely this substantial slowdown (along with thus far unbroken cryptographic hashing) that makes it so darn secure.

[Ryukote]

Oh cool. Thank you guys for your answers. So what would be recommended setup for Argon2 in order to be performant and secure?

[kirides]

have a look at Choosing Parameters