minus-squarefaebudo@infosec.pubtoCybersecurity@sh.itjust.works•Questions about Argon2id and authentication handling overalllinkfedilinkEnglisharrow-up2·10 hours agoUse the recommemded parameters: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-argon2-04#page-11 Also consider WebauthN/Passkeys. They are much less ressource intensive on the server but useless to an attacker when the database is leaked and as such don’t rely on slowing down the crypto operations. linkfedilink
Use the recommemded parameters: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-argon2-04#page-11
Also consider WebauthN/Passkeys. They are much less ressource intensive on the server but useless to an attacker when the database is leaked and as such don’t rely on slowing down the crypto operations.