@puppygirlhornypost2 @dalias that's part of it yeah. the computational difficulty is configurable, so you pick the max level of compute/delay you can tolerate for a user sign-on, tuned to your performance and security requirements. but Argon2id also comes with a memory hardness factor that specifies how much memory the process must take, which makes it extremely difficult to scale in parallel with GPUs, FPGAs, and even ASICs due to hard tradeoffs between memory size and memory locality.
Graham Sutherland / Polynomial (gsuberland@chaos.social)'s status on Sunday, 03-Nov-2024 09:17:00 JST Graham Sutherland / Polynomial -
Rich Felker (dalias@hachyderm.io)'s status on Sunday, 03-Nov-2024 09:16:59 JST Rich Felker @gsuberland @puppygirlhornypost2 "Each unauthenticated user takes huge amount of memory" necessitates explicit throttling way beyond the natural throttling of "cpu time shared N ways".
Rich Felker (dalias@hachyderm.io)'s status on Sunday, 03-Nov-2024 09:26:17 JST Rich Felker @gsuberland @puppygirlhornypost2 there's no such thing as saturating cpu. 10000x the ideal number of processes can be ongoing and it just takes many seconds for an operation that should take milliseconds. Vs no forward progress at all, hard failure, with insufficient memory.
Graham Sutherland / Polynomial (gsuberland@chaos.social)'s status on Sunday, 03-Nov-2024 09:26:19 JST Graham Sutherland / Polynomial @dalias @puppygirlhornypost2 the ratio between the compute hardness and memory hardness is such that you'll saturate your CPU time long before you run out of memory.
the point of the memory hardness is solely to add a factor where memory bandwidth and latency become a hard limit for extreme (read: only relevant for cracking passwords) scalability.
Rich Felker (dalias@hachyderm.io)'s status on Sunday, 03-Nov-2024 09:29:18 JST Rich Felker @gsuberland @azonenberg @puppygirlhornypost2 I'd love it for something like file encryption KDF where attackers can only spend their resources not mine. But I guess for online attacks I'm in the camp of "don't blow resources on DoS, don't put your hashes somewhere stupid where attacker can get them".
Graham Sutherland / Polynomial (gsuberland@chaos.social)'s status on Sunday, 03-Nov-2024 09:29:19 JST Graham Sutherland / Polynomial @azonenberg @dalias @puppygirlhornypost2 yeah, it's a really well considered design, especially in `id` mode.
and that memory hardness really hits fast. you only need to set it to single-digit megabytes before GPU cracking performance tanks.
Andrew Zonenberg (azonenberg@ioc.exchange)'s status on Sunday, 03-Nov-2024 09:29:20 JST Andrew Zonenberg @gsuberland @dalias @puppygirlhornypost2 As someone who has experience with esoteric computer architectures, designing password crackers, and memory hardness, I hate argon2.
They seem to have done everything right to make it very difficult to accelerate.