
php - Argon2i in PHP7 - picking appropriate options

Reposted. Author: 可可西里. Updated: 2023-11-01 01:12:55

What values should I use for generating Argon2i hashes, and how can I find the appropriate settings my hardware can afford?

Namely:

memory_cost
time_cost
threads

as in:

$options = [
'memory_cost' => 1<<17,
'time_cost' => 4,
'threads' => 3,
];

$hash = password_hash('test', PASSWORD_ARGON2I, $options);

There is a simple script in the PHP docs that finds the appropriate cost value for bcrypt hashes. How can this be fitted for Argon2?

Best answer

From: PHP RFC Argon2 password_hash

Cost factors

From:

Due to the variety of platforms PHP runs on, the cost factors are deliberately set low as to not accidentally exhaust system resources on shared or low resource systems when using the default cost parameters. Consequently, users should adjust the cost factors to match the system they're working on. The following list outlines hashing performance on various systems using these default cost values.

Common Cloud Server 512 MB, 1 Core: 3-5 ms
Common Cloud Server 2 GB, 2 Core, 1-3 ms
512 MB Raspberry Pi Zero: 75-85ms

As Argon2 doesn't have any “bad” values, however consuming more resources is considered better than consuming less. Users are encouraged to adjust the cost factors for the platform they're developing for.

Threads

From: What Is The Recommended Number Of Iterations For Argon2

The argon2 paper gives the following procedure (paraphrased) for determining the parameters you should use:

    1. Figure out how many threads you can use, choose $h$ accordingly.
    2. Figure out how much memory you can use, choose $m$ accordingly.
    3. Decide on the maximum time $x$ you can spend on it, choose the largest $t$ such that it takes less than $x$ with your system and other parameter choices.

I.e. they recommend you run it on your system and decide the largest parameters that match your limits on memory and processor time use.

From the Argon 2 specs.

( link here )

  • Degree of parallelism p determines how many independent (but synchronizing) computational chains can be run. It may take any integer value from 1 to 2^24 -1

  • Memory size m can be any integer number of kilobytes from 8p to 2^32 −1. The actual number of blocks is m′, which is m rounded down to the nearest multiple of 4p.

  • Number of iterations t (used to tune the running time independently of the memory size) can be any integer number from 1 to 2^32 -1

Further literature

From Here

  • Figure out how many threads can be used on each call to Argon2 (parallelism). They recommend twice as many as the number of cores dedicated to hashing passwords.

  • Figure out how long each call can take. One recommendation for concurrent user logins is to keep it under 0.5ms.

  • Measure the time for hashing using your chosen parameters. Find a time_cost that is within your accounted time. If time_cost=1 takes too long, lower memory_cost.

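Conclusion:

So, from the excerpts above, it seems you want to aim for a timespan of 0.5ms, as measured by PHP microtime, just like in the BCrypt example. You can then set the number of threads to twice the number of cores your CPU is running, so say 8 for a 4-core processor.

You should then be able to run a series of tests with the above two values to find a valid third value for memory_cost.

Run some tests on your server to see what the server can comfortably manage. Explore if this CLI can help.

Change the three variables in the order set out in the quote above (under Threads), so adjust the memory over using large iteration counts.

In short, we can't give you a "best advice" guide, because it depends on the specific spec you intend to run this on ...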
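
The tuning order quoted in the answer above (threads, then memory, then the largest time_cost that fits a time budget), written out as an added PHP example; it is not part of the original question or answer. The helper names, the starting values and the 100 ms budget are assumptions for illustration only.

```php
<?php
declare(strict_types=1);

// Median wall-clock milliseconds for one Argon2i hash with the given options.
function argon2iMillis(array $options, int $runs = 3): float
{
    $samples = [];
    for ($i = 0; $i < $runs; $i++) {
        $start = microtime(true);
        password_hash('calibration-only', PASSWORD_ARGON2I, $options);
        $samples[] = (microtime(true) - $start) * 1000.0;
    }
    sort($samples);
    return $samples[intdiv($runs, 2)];
}

// Hypothetical helper following the quoted order: threads are fixed first,
// then memory, then the largest time_cost that stays within $budgetMs.
function calibrateArgon2i(int $threads, int $memoryKiB, float $budgetMs, int $maxTimeCost = 32): array
{
    $floor = 8 * $threads; // spec: memory cannot be smaller than 8p kilobytes
    $options = ['memory_cost' => max($memoryKiB, $floor), 'time_cost' => 1, 'threads' => $threads];
    $elapsed = argon2iMillis($options);

    // "If time_cost=1 takes too long, lower memory_cost."
    while ($elapsed > $budgetMs && $options['memory_cost'] > $floor) {
        $options['memory_cost'] = max($floor, intdiv($options['memory_cost'], 2));
        $elapsed = argon2iMillis($options);
    }

    // Raise time_cost until the next step would exceed the budget.
    while ($options['time_cost'] < $maxTimeCost) {
        $next = $options;
        $next['time_cost']++;
        $nextElapsed = argon2iMillis($next);
        if ($nextElapsed > $budgetMs) {
            break;
        }
        [$options, $elapsed] = [$next, $nextElapsed];
    }
    // 'ms' above the budget means even the memory floor was too slow.
    return ['options' => $options, 'ms' => round($elapsed, 2)];
}

// Constructed inputs: 2 threads, 64 MiB, 100 ms budget. Substitute your own limits.
$result = calibrateArgon2i(2, 1 << 16, 100.0);
echo json_encode($result), PHP_EOL;

// The chosen options are encoded in the hash, so verification needs no parameters.
$hash = password_hash('test', PASSWORD_ARGON2I, $result['options']);
var_dump(password_verify('test', $hash));
```

Run it on the host that will serve logins, since the timings are only meaningful there. On PHP builds where Argon2 is provided by the sodium extension rather than libargon2, threads must be 1.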

Regarding php - Argon2i in PHP7 - picking appropriate options, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/48320403/
