Friday, December 16, 2016

[udcchqhe] Argon2 4TB limit

The Argon2 password hashing algorithm has a hardcoded maximum of 4 terabytes (tebibytes) on the amount of memory it can be configured to use.  This seems like a terrible idea -- the limit (if any) should be much higher.  Can Argon2 be easily extended to use more memory?

There are computers right now that have over 4 TB of RAM (granted, they are supercomputers) and that much RAM or more will likely become more accessible in the near future.  (The addressable limit -- currently 8 TB for amd64 -- will also likely increase.)  Furthermore, even if they don't become commonplace, an organization for whom security is very important might get a single expensive computer dedicated to password hashing, making attacking a hashed password very expensive for adversaries.

Repeating the Bill Gates mistake: N units [of memory] should be enough for everyone.
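
Where the 4 TiB ceiling sits in the parameter encoding, as an added example that is not part of the original post or of the Argon2 reference code: RFC 9106 defines the memory parameter m as a 32-bit count of kibibytes and feeds it into the initial hash H0 as a fixed 4-byte little-endian field. The function names and the sample parameter values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Bounds from RFC 9106: m counts KiB with 8*p <= m <= 2^32-1; 1 <= p <= 2^24-1. */
#define M_MAX UINT32_C(0xFFFFFFFF)
#define P_MAX UINT32_C(0x00FFFFFF)

enum { ERR_LANES = -1, ERR_TOO_SMALL = -2, ERR_TOO_LARGE = -3 };

/* Hypothetical helper: convert a requested byte count into m (KiB).
   Returns m on success or a negative ERR_* code. */
int64_t m_cost_for_bytes(uint64_t bytes, uint32_t p)
{
    if (p == 0 || p > P_MAX) return ERR_LANES;
    uint64_t kib = bytes >> 10;
    if (kib > M_MAX) return ERR_TOO_LARGE;    /* does not fit the 32-bit field */
    if (kib < 8ULL * p) return ERR_TOO_SMALL; /* below the 8*p minimum */
    return (int64_t)kib;
}

/* Largest memory size in bytes that m can express: (2^32 - 1) KiB. */
uint64_t max_memory_bytes(void) { return (uint64_t)M_MAX << 10; }

static void le32(uint8_t *out, uint32_t v)
{
    out[0] = (uint8_t)v;         out[1] = (uint8_t)(v >> 8);
    out[2] = (uint8_t)(v >> 16); out[3] = (uint8_t)(v >> 24);
}

/* First six fields of the H0 input:
   LE32(p) || LE32(T) || LE32(m) || LE32(t) || LE32(v) || LE32(y).
   m occupies exactly bytes 8..11, so a wider m changes this layout. */
void h0_param_prefix(uint8_t out[24], uint32_t p, uint32_t T, uint32_t m,
                     uint32_t t, uint32_t v, uint32_t y)
{
    le32(out, p);      le32(out + 4, T);  le32(out + 8, m);
    le32(out + 12, t); le32(out + 16, v); le32(out + 20, y);
}

int main(void)
{
    /* Constructed sample requests: 1 GiB, 4 TiB and 6 TiB with 4 lanes. */
    uint64_t req[] = { 1ULL << 30, 1ULL << 42, 6ULL << 40 };
    for (int i = 0; i < 3; i++)
        printf("%llu bytes -> %lld\n", (unsigned long long)req[i],
               (long long)m_cost_for_bytes(req[i], 4));
    printf("max = %llu bytes\n", (unsigned long long)max_memory_bytes());
    return 0;
}
```

A request for exactly 4 TiB is already rejected, because 2^32 KiB is one more than the field can hold.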
