Argon2 Parameter Tuning Guide
How to choose Argon2 memory, iterations, and parallelism parameters for production password hashing.
Tags: Argon2 tuning parameters, Argon2 memory time cost, tuning password hashing
Argon2's three tunable parameters — memory cost, time cost, and parallelism — determine both its security and its performance impact. Choosing them well requires benchmarking on your target hardware rather than using fixed defaults. This guide explains what each parameter controls, OWASP-aligned starting points, and how to benchmark and adjust for your environment.

What are the three parameters?

| Parameter | Symbol | Controls | Effect on security | Effect on performance |
|-----------|--------|----------|-------------------|----------------------|
| Memory cost | m | KiB of RAM required | Higher m → more VRAM needed per GPU attack | Linear increase in memory usage |
| Time cost | t | Number of passes over memory | Higher t → more CPU time | Linear…
Frequently Asked Questions
How do I tune Argon2 for production?
Start from the OWASP minimum (m=19456 KiB, t=2, p=1) and benchmark on your authentication server. Increase memory cost first (doubling it doubles the attacker's RAM requirement), then time cost (which adds wall-clock time per hash). Target 500ms–1000ms per hash on your slowest server. Re-benchmark when upgrading hardware.
What is the OWASP recommendation for Argon2?
The OWASP Password Storage Cheat Sheet (2023) recommends Argon2id with m=19456 (19 MiB), t=2, p=1 as the minimum, and m=65536 (64 MiB), t=3, p=4 for high-security scenarios. These values are regularly reviewed and updated as hardware speeds change.
What is memory-hardness in Argon2?
Memory-hardness means the algorithm requires a large amount of RAM to compute. Argon2 fills a memory array of size m KiB with pseudorandom data that must be held in memory throughout computation. This limits GPU parallelism (constrained by VRAM) and raises the cost of dedicated hardware attacks (ASICs require large on-chip memory, which is expensive).
How does parallelism affect Argon2 performance?
The parallelism parameter (p) specifies how many threads can work on a single hash in parallel. Setting p=4 with 4 CPU cores reduces wall-clock time by ~4x compared to p=1 with the same m and t values. However, increasing p also increases memory bandwidth requirements. A larger p provides marginal additional security against single-threaded attackers but improves user experience on multi-core servers.
How do I benchmark Argon2 parameters?
Run the argon2 command-line tool, which reads the password from standard input: `echo -n "password" | argon2 somesalt -id -t 3 -m 16 -p 4 -l 32`, and measure wall-clock time. The `-m` flag takes the base-2 logarithm of the memory in KiB, so `-m 16` means 2^16 KiB = 64 MiB. Or benchmark in your language: time multiple hash operations and calculate per-hash milliseconds. Target 500ms for typical authentication flows, 1000ms for high-security scenarios. Run benchmarks under simulated load (concurrent hashing) since memory bandwidth is a bottleneck.
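The tuning procedure described above (start at the OWASP minimum, raise memory first, then time cost, stop inside the 500ms–1000ms window) can be automated. This is an added example, not code from the original page; it assumes the `argon2-cffi` package, and the names `tune` and `measure_argon2id` and the `max_m_kib` and `max_t` budgets are hypothetical choices made for illustration.

```python
import time
from statistics import median

OWASP_MIN = (19456, 2, 1)  # (m in KiB, t passes, p lanes): the page's minimum


def measure_argon2id(m, t, p, runs=5):
    """Median wall-clock ms per Argon2id hash (assumes `pip install argon2-cffi`)."""
    from argon2.low_level import Type, hash_secret_raw  # lazy: only needed here
    samples = []
    for _ in range(runs):
        start = time.perf_counter()
        hash_secret_raw(b"constructed-password", b"constructed-salt",
                        time_cost=t, memory_cost=m, parallelism=p,
                        hash_len=32, type=Type.ID)
        samples.append((time.perf_counter() - start) * 1000)
    return median(samples)


def tune(measure, floor_ms=500, ceiling_ms=1000, max_m_kib=262144, max_t=10):
    """Raise m first (doubling), then t, until a hash costs >= floor_ms.

    A step is rejected if it exceeds ceiling_ms (e.g. the host starts
    swapping), and the result never drops below the OWASP minimum.
    max_m_kib and max_t are assumed per-hash budgets, not page values.
    """
    m, t, p = OWASP_MIN
    ms = measure(m, t, p)
    while ms < floor_ms and m * 2 <= max_m_kib:   # step 1: memory cost
        trial = measure(m * 2, t, p)
        if trial > ceiling_ms:
            break
        m, ms = m * 2, trial
    while ms < floor_ms and t < max_t:            # step 2: time cost
        trial = measure(m, t + 1, p)
        if trial > ceiling_ms:
            break
        t, ms = t + 1, trial
    return {"m": m, "t": t, "p": p, "ms": round(ms, 1)}


if __name__ == "__main__":
    print(tune(measure_argon2id))  # run on the slowest authentication server
```

Because `tune` takes the measurement function as an argument, the same search can be driven by a load-test harness that times hashes under concurrent requests instead of the single-threaded `measure_argon2id`.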