On Mon, Mar 25, 2019 at 10:18 PM Sara Golemon <poll...@php.net> wrote:
> ...snip... > So that's a long winded way of asking, does anyone see an issue with upping > the default time cost for argon2 to a higher number? (e.g. "3") > ...snip... > The only negative impact is that password hashing becomes a slightly more > expensive task. Where "slightly" means 3ms instead of 2ms on my Linux VM > running on my 2 core Mac laptop. > Thanks for tackling this work, Sara. As has been said, "whatever cost people choose should be reevaluated from time to time." [1] Now's as good a time as any. I have no objection. bishop [1]: https://www.usenix.org/legacy/publications/library/proceedings/usenix99/provos/provos_html/node6.html
