Newsgroups: php.internals
Date: Wed, 17 Aug 2016 14:48:21 -0500
To: Lauri Kenttä
Cc: Niklas Keller, Tom Worster, PHP internals
Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Argon2 Password Hash
From: charlesportwoodii@erianna.com ("Charles R. Portwood II")

On Sat, Aug 6, 2016 at 12:55 PM, Charles R. Portwood II <charlesportwoodii@erianna.com> wrote:

> I think there's a bunch of ways we can tweak this. As there's no "bad"
> values for any of these cost factors per the spec, it may just be easy to
> set the costs even lower end user decide if they need to be increased (or
> increase them in core at a later time).

Hi everyone,

I've spent the last week and a half playing around with various cost factors on different virtual machines and hardware (including compiling this down for armv6 and testing on a Pi Zero), and looking over the spec a bit more and would like to update the proposal to use the following cost factors:

    memory_cost = 1 MiB
    time_cost = 2
    threads = 2

There are no "bad" cost factors for Argon2, but obviously more work is better than less. These cost factors provide sufficient work effort without exhausting system resources. Argon2 is pretty fast with these cost factors even on a Pi Zero, which is the most resource-constrained system I could get my hands on. In all my testing I wasn't ever able to get memory exhaustion to occur just from running argon2 hashing.

I'd like to gather some last feedback and make sure there aren't any serious objections to these cost factors (or anything else for that matter) before putting this up for a vote. Please let me know your thoughts.

Thanks,

*Charles R. Portwood II*
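
The following is an added example, not part of the original message and not code from the RFC or php-src: it hashes with the cost factors proposed above, then shows how a stored hash is upgraded at login once the policy is raised. It assumes PHP 7.2 or later built with Argon2 support, where memory_cost is given in KiB; the RAISED policy, the function names and the sample password are hypothetical.

```php
<?php
// Added example; not code from the RFC or from php-src.
// Assumes PHP >= 7.2 built with Argon2 support (PASSWORD_ARGON2I defined).

// Cost factors proposed in the message. PHP takes memory_cost in KiB,
// so 1 MiB is written as 1024.
const PROPOSED = ['memory_cost' => 1024, 'time_cost' => 2, 'threads' => 2];

// Hypothetical stricter policy, standing in for a later increase.
const RAISED = ['memory_cost' => 65536, 'time_cost' => 3, 'threads' => 2];

// Verify a login and transparently upgrade the stored hash when its
// embedded cost factors no longer match the current policy.
function verifyAndUpgrade(string $password, string $stored, array $policy): array
{
    if (!password_verify($password, $stored)) {
        return [false, $stored];
    }
    if (password_needs_rehash($stored, PASSWORD_ARGON2I, $policy)) {
        $stored = password_hash($password, PASSWORD_ARGON2I, $policy);
    }
    return [true, $stored];
}

// Average wall-clock cost of one hash under a policy, for sizing on the target host.
function meanHashMillis(array $policy, int $rounds = 5): float
{
    $start = microtime(true);
    for ($i = 0; $i < $rounds; $i++) {
        password_hash('constructed-sample-password', PASSWORD_ARGON2I, $policy);
    }
    return (microtime(true) - $start) * 1000 / $rounds;
}

$password = 'constructed-sample-password'; // constructed sample input
$stored   = password_hash($password, PASSWORD_ARGON2I, PROPOSED);

// The cost factors travel inside the encoded hash ($argon2i$v=19$m=1024,t=2,p=2$...).
print_r(password_get_info($stored)['options']);

// Case 1: policy unchanged, so the stored hash is kept as it is.
[$ok, $same] = verifyAndUpgrade($password, $stored, PROPOSED);
var_dump($ok, $same === $stored);

// Case 2: policy raised, so a successful login re-hashes under RAISED.
[$ok, $upgraded] = verifyAndUpgrade($password, $stored, RAISED);
var_dump($ok, password_get_info($upgraded)['options']);

printf("PROPOSED: %.1f ms/hash, RAISED: %.1f ms/hash\n",
    meanHashMillis(PROPOSED), meanHashMillis(RAISED));
```

Because the parameters are stored in the hash string itself, hashes created under the lower costs keep verifying after the policy changes and are only replaced when the user next logs in.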