struct Params [src]
Argon2 parameters
Fields
t: u32A [t]ime cost, which defines the amount of computation realized and therefore the execution
time, given in number of iterations.
m: u32A [m]emory cost, which defines the memory usage, given in kibibytes.
p: u24A [p]arallelism degree, which defines the number of parallel threads.
secret: ?[]const u8 = nullThe [secret] parameter, which is used for keyed hashing. This allows a secret key to be input
at hashing time (from some external location) and be folded into the value of the hash. This
means that even if your salts and hashes are compromised, an attacker cannot brute-force to
find the password without the key.
ad: ?[]const u8 = nullThe [ad] parameter, which is used to fold any additional data into the hash value. Functionally,
this behaves almost exactly like the secret or salt parameters; the ad parameter is folding
into the value of the hash. However, this parameter is used for different data. The salt
should be a random string stored alongside your password. The secret should be a random key
only usable at hashing time. The ad is for any other data.
Members
- fromLimits (Function)
- interactive_2i (Constant)
- interactive_2id (Constant)
- moderate_2i (Constant)
- moderate_2id (Constant)
- owasp_2id (Constant)
- sensitive_2i (Constant)
- sensitive_2id (Constant)
Source
pub const Params = struct {
const Self = @This();
/// A [t]ime cost, which defines the amount of computation realized and therefore the execution
/// time, given in number of iterations.
t: u32,
/// A [m]emory cost, which defines the memory usage, given in kibibytes.
m: u32,
/// A [p]arallelism degree, which defines the number of parallel threads.
p: u24,
/// The [secret] parameter, which is used for keyed hashing. This allows a secret key to be input
/// at hashing time (from some external location) and be folded into the value of the hash. This
/// means that even if your salts and hashes are compromised, an attacker cannot brute-force to
/// find the password without the key.
secret: ?[]const u8 = null,
/// The [ad] parameter, which is used to fold any additional data into the hash value. Functionally,
/// this behaves almost exactly like the secret or salt parameters; the ad parameter is folding
/// into the value of the hash. However, this parameter is used for different data. The salt
/// should be a random string stored alongside your password. The secret should be a random key
/// only usable at hashing time. The ad is for any other data.
ad: ?[]const u8 = null,
/// Baseline parameters for interactive logins using argon2i type
pub const interactive_2i = Self.fromLimits(4, 33554432);
/// Baseline parameters for normal usage using argon2i type
pub const moderate_2i = Self.fromLimits(6, 134217728);
/// Baseline parameters for offline usage using argon2i type
pub const sensitive_2i = Self.fromLimits(8, 536870912);
/// Baseline parameters for interactive logins using argon2id type
pub const interactive_2id = Self.fromLimits(2, 67108864);
/// Baseline parameters for normal usage using argon2id type
pub const moderate_2id = Self.fromLimits(3, 268435456);
/// Baseline parameters for offline usage using argon2id type
pub const sensitive_2id = Self.fromLimits(4, 1073741824);
/// Recommended parameters for argon2id type according to the
/// [OWASP cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html).
pub const owasp_2id = Self{ .t = 2, .m = 19 * 1024, .p = 1 };
/// Create parameters from ops and mem limits, where mem_limit given in bytes
pub fn fromLimits(ops_limit: u32, mem_limit: usize) Self {
const m = mem_limit / 1024;
std.debug.assert(m <= max_int);
return .{ .t = ops_limit, .m = @as(u32, @intCast(m)), .p = 1 };
}
}