Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:95276 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 41544 invoked from network); 17 Aug 2016 21:45:14 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 17 Aug 2016 21:45:14 -0000 Authentication-Results: pb1.pair.com header.from=fsb@thefsb.org; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=fsb@thefsb.org; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain thefsb.org designates 173.203.187.75 as permitted sender) X-PHP-List-Original-Sender: fsb@thefsb.org X-Host-Fingerprint: 173.203.187.75 smtp75.iad3a.emailsrvr.com Received: from [173.203.187.75] ([173.203.187.75:50376] helo=smtp75.iad3a.emailsrvr.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 68/D2-23968-9EAD4B75 for ; Wed, 17 Aug 2016 17:45:14 -0400 Received: from smtp2.relay.iad3a.emailsrvr.com (localhost [127.0.0.1]) by smtp2.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id DF31CC03B0; Wed, 17 Aug 2016 17:45:10 -0400 (EDT) X-Auth-ID: fsb@thefsb.org Received: by smtp2.relay.iad3a.emailsrvr.com (Authenticated sender: fsb-AT-thefsb.org) with ESMTPSA id 8329BC0194; Wed, 17 Aug 2016 17:45:07 -0400 (EDT) X-Sender-Id: fsb@thefsb.org Received: from [10.0.1.2] ([TEMPUNAVAIL]. [66.30.62.12]) (using TLSv1 with cipher DES-CBC3-SHA) by 0.0.0.0:465 (trex/5.7.1); Wed, 17 Aug 2016 17:45:10 -0400 User-Agent: Microsoft-MacOutlook/14.6.6.160626 Date: Wed, 17 Aug 2016 17:45:05 -0400 To: "Charles R. Portwood II" CC: Niklas Keller , PHP internals , Lauri =?UTF-8?B?S2VudHTDpA==?= Message-ID: Thread-Topic: [PHP-DEV] Re: [RFC][DISCUSSION] Argon2 Password Hash References: <81b5a129-9c90-0a54-921f-7e1f9b5f727f@thefsb.org> <9d2ef6f3a84333f35ebcb843ade65c22@k-piste.dy.fi> <05cf17898a22abc41664004ef8731342@k-piste.dy.fi> In-Reply-To: Mime-version: 1.0 Content-type: text/plain; charset="UTF-8" Content-transfer-encoding: 7bit Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Argon2 Password Hash From: fsb@thefsb.org (Tom Worster) On 8/17/16, 3:48 PM, "Charles R. Portwood II" wrote: >Hi everyone, > >I've spent the last week and a half playing around with various cost >factors on different virtual machines and hardware (including compiling >this down for armv6 and testing on a Pi Zero), and looking over the spec >a bit more and would like to update the proposal to use the following >cost factors: > > >memory_cost = 1 MiB >time_cost = 2 >threads = 2 > > >There are no "bad" cost factors for Argon2, but obviously more work is >better than less. These cost factors provide sufficient work effort >without exhausting system resources. Argon2 is pretty fast with these >cost factors even on a Pi Zero, which is the most resource constrained >system I could get my hands on. In all my testing I wasn't ever able to >get memory exhaustion to occur just from running argon2 hashing. > >I'd like to gather some last feedback and make sure there aren't any >serious objections to these cost factors (or anything else for that >matter) before putting this up for a vote. Please let me know your >thoughts. Hi Charles, I trust your judgement in drawing conclusions from these experiments. Thank you for the work you've put in. Tom