Argon2id should be the default

[philtay]

Currently Argon2i is used as the default algorithm. There are two published attacks against it. The recommended and primary variant of Argon2 is Argon2id (also default in libsodium).

[hynek]

Hm yeah, I guess I’ll have to build hash flexibility (that’s the wrong word, isn’t it :)) into PasswordHasher and update the docs.

[philtay]

Yep!

• Default to Argon2id
• time_cost=1
• memory_cost=32*1024 (i.e. 32 MiB)
• parallelism=len(os.sched_getaffinity(0))

[hynek]

Yeah I’ll try to read myself thru the RFC on the weekend. I’ve pinged Django about it too since they use the low-level functions.

[hynek]

I have started working on that in #34 but I don’t think I’m comfortable to change the other default parameters .

[philtay]

memory_cost is arbitrary, the others are sane defaults. A time_cost > 1 doesn't make much sense for password hashing and having parallelism = number of cores is quite obvious. Anyway, more than hardcoded default arguments, we need an helper function that, given a time constraint, returns optimal parameters. That's a good one: https://gitlab.com/cryptsetup/cryptsetup/blob/master/lib/crypto_backend/pbkdf_check.c#L202