[Whonix-devel] Argon2id Security Margin Calculation

procmem procmem at riseup.net
Thu Sep 20 07:14:00 CEST 2018

Hi JP,

I was wondering about how to accurately calculate the security margin of
argon2id against nation-state adversaries with a lot of computing power
(of every type). The hashing implementation is the one included in
Debian (as of Buster) LUKS2 with AES-256 XTS.

I've been trying to find an answer to this question by reading through
the literature on argon2 with no success. Many people say it's hard so a
non-cryptographer like me stands no chance understanding this. I asked
Steve Thomas and he gave me the estimate quoted below but he advised me
to ask you. Can you please share an equation and show me how to plug in
the numbers to calculate the entropy added?

 "2^27 < entropy < 2^35" for Argon2id m=1GiB, i=50, p=4.


*I saw somehwere that increasing CPU cost lessens the effectiveness of
memory cost and vice versa, is this how it works?

Thanks in advance.

cc/ our ML so our users can benefit from your answer.

More information about the Whonix-devel mailing list