[Whonix-devel] Argon2id Security Margin Calculation

Jean-Philippe Aumasson jeanphilippe.aumasson at gmail.com
Sat Sep 22 08:58:06 CEST 2018


not sure to get the question, I think that if you want to evaluate the risk
against "high-budget" adversaries, you must consider the following
- the estimated budget and time of your adversary
- the value of the asset targeted
- the strength of the password
- the Argon2 parameters

In LUKS2 you can afford strong Argon2 parameters, such as the ones you
suggest. If you use a strong passphrase (say of entropy greater than 50)
you'll defeat any realistic attacker :)

It's difficult to realistically estimate the strength/entropy added by the
Argon2 parameters, because hardness depends not only on the iterations
count but also on the cost of memory accesses, which depend on the
hardware. I think that one most qualified person to answer this question is
Solar Designer.

Hope this helps!



On Thu, Sep 20, 2018 at 7:14 AM procmem <procmem at riseup.net> wrote:

> Hi JP,
> I was wondering about how to accurately calculate the security margin of
> argon2id against nation-state adversaries with a lot of computing power
> (of every type). The hashing implementation is the one included in
> Debian (as of Buster) LUKS2 with AES-256 XTS.
> I've been trying to find an answer to this question by reading through
> the literature on argon2 with no success. Many people say it's hard so a
> non-cryptographer like me stands no chance understanding this. I asked
> Steve Thomas and he gave me the estimate quoted below but he advised me
> to ask you. Can you please share an equation and show me how to plug in
> the numbers to calculate the entropy added?
> Steve:
>  "2^27 < entropy < 2^35" for Argon2id m=1GiB, i=50, p=4.
> ***
> *I saw somehwere that increasing CPU cost lessens the effectiveness of
> memory cost and vice versa, is this how it works?
> Thanks in advance.
> cc/ our ML so our users can benefit from your answer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.whonix.org/pipermail/whonix-devel/attachments/20180922/e2e4ce2b/attachment.html>

More information about the Whonix-devel mailing list