Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/argon2: Update recommended parameters #57065

Open
ryicoh opened this issue Dec 3, 2022 · 1 comment
Open

x/crypto/argon2: Update recommended parameters #57065

ryicoh opened this issue Dec 3, 2022 · 1 comment
Labels
Documentation NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Unreleased

Comments

@ryicoh
Copy link

ryicoh commented Dec 3, 2022

https://github.com/golang/crypto/blob/2c476679df9a5c6279ec05b48165f4bed48b792e/argon2/argon2.go#L86

// The draft RFC recommends[2] time=1, and memory=64*1024 is a sensible number.

The current document recommends time=1 based on the RFC draft,
but RFC 9106 published in September 2021 recommends time=3.

The Argon2id variant with t=3 and 64 MiB memory is the SECOND
RECOMMENDED option and is suggested as a default setting for memory-
constrained environments.
@gopherbot gopherbot added this to the Unreleased milestone Dec 3, 2022
@seankhliao seankhliao added NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Documentation labels Dec 3, 2022
@seankhliao
Copy link
Member

cc @golang/security

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Documentation NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
3 participants
@gopherbot @seankhliao @ryicoh