Argon2i in PHP7 - Picking Appropriate Options

Question

What values should I use for generating Argon2i hashes and how can I find the appropriate settings my hardware can afford?

Namely:

memory_cost
time_cost
threads

as:

$options = [
    'memory_cost' => 1<<17,
    'time_cost'   => 4,
    'threads'     => 3,
];

$hash = password_hash('test', PASSWORD_ARGON2I, $options);

There is a simple script in PHP docs for finding the appropriate cost value for bcrypt hashes. How can this be fitted for Argon2?

Recommended answer

From: PHP RFC Argon2

Due to the variety of platforms PHP runs on, the cost factors are deliberately set low as to not accidentally exhaust system resources on shared or low resource systems when using the default cost parameters. Consequently, users should adjust the cost factors to match the system they're working on. The following list outlines hashing performance on various systems using these default cost values.

Common Cloud Server 512 MB, 1 Core: 3-5 ms
Common Cloud Server 2 GB, 2 Core, 1-3 ms
512 MB Raspberry Pi Zero: 75-85ms

As Argon2 doesn't have any "bad" values, however consuming more resources is considered better than consuming less. Users are encouraged to adjust the cost factors for the platform they're developing for.

Threads

From: What is the recommended number of iterations for Argon2

The argon2 paper gives the following procedure (paraphrased) for determining the parameters you should use:

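  1. Figure out how many threads you can use, and choose $h$ accordingly.

  2. Figure out how much memory you can use, and choose $m$ accordingly.

  3. Decide on the maximum time $x$ you can spend, and choose the largest $t$ such that it takes less than $x$ with your system and other parameter choices.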

    I.e. they recommend you run it on your system and decide the largest parameters that match your limits on memory and processor time use.

    From the Argon 2 specs.

    • Degree of parallelism p determines how many independent (but synchronizing) computational chains can be run. It may take any integer value from 1 to 2^24 -1

    • Memory size m can be any integer number of kilobytes from 8p to 2^32 −1. The actual number of blocks is m′, which is m rounded down to the nearest multiple of 4p.

    • Number of iterations t (used to tune the running time independently of the memory size) can be any integer number from 1 to 2^32 -1

    Further literature

    From here

    • Figure out how many threads can be used on each call to Argon2 (parallelism). They recommend twice as many as the number of cores dedicated to hashing passwords.

    • Figure out how long each call can take. One recommendation for concurrent user logins is to keep it under 0.5ms.

    • Measure the time for hashing using your chosen parameters. Find a time_cost that is within your accounted time. If time_cost=1 takes too long, lower memory_cost.

    Conclusion:

    So from the above extracts it seems that you want to aim for a timespan of 0.5ms as measured by PHP microtime just like in the BCrypt example. Then you can set the number of threads as being twice the number of cores your CPU is running, so say 8 for a 4core processor.

    You should then be able to run a series of tests with these above two values to find a valid third value for memory_cost.

    Run some tests on your server to see what the server can comfortably manage. Explore if this CLI can help.

    Change the three variables in the order set out in the quote above (under Threads), so adjust memory over using large iteration counts.

    In short we can't give you a "best advice" guide because it depends on what spec. you're intending to run this on...
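
One way to adapt the bcrypt cost-finding approach to Argon2i, following the threads, then memory, then iterations order quoted above. This is an added example, not code from the original answer or the PHP documentation; the function names, the 0.1 s default budget and the starting values are assumptions, and it assumes a PHP build that uses libargon2 (the `threads` option is not available with the libsodium implementation).

```php
<?php
// Added example: calibrate Argon2i options by measurement on the target host.
// Function names, target time and starting values are assumptions for illustration.

function time_argon2i(array $options, int $runs = 3): float
{
    // Take the best of several runs to reduce noise from other processes.
    $best = INF;
    for ($i = 0; $i < $runs; $i++) {
        $start = microtime(true);
        password_hash('benchmark-password', PASSWORD_ARGON2I, $options);
        $best = min($best, microtime(true) - $start);
    }
    return $best;
}

function calibrate_argon2i(float $targetSeconds, int $threads, int $memoryKib, int $maxTimeCost = 64): array
{
    // Argon2 requires at least 8 KiB of memory per lane (m >= 8p).
    $floor = 8 * $threads;
    while (true) {
        $options = ['memory_cost' => $memoryKib, 'time_cost' => 1, 'threads' => $threads];
        if (time_argon2i($options) <= $targetSeconds || $memoryKib <= $floor) {
            break; // time_cost=1 fits, or memory is already at the floor
        }
        // time_cost=1 is too slow: lower memory_cost and try again.
        $memoryKib = max($floor, intdiv($memoryKib, 2));
    }
    // Threads and memory are fixed; now pick the largest time_cost within budget.
    for ($t = 2; $t <= $maxTimeCost; $t++) {
        $candidate = ['time_cost' => $t] + $options;
        if (time_argon2i($candidate) > $targetSeconds) {
            break;
        }
        $options = $candidate;
    }
    return $options;
}

if (PHP_SAPI === 'cli' && defined('PASSWORD_ARGON2I')) {
    $target = (float) ($argv[1] ?? 0.1); // assumed budget in seconds; pass your own
    $options = calibrate_argon2i($target, 1, 1 << 17);
    printf("memory_cost=%d KiB time_cost=%d threads=%d (%.1f ms)\n",
        $options['memory_cost'], $options['time_cost'], $options['threads'],
        time_argon2i($options) * 1000);
}
```

Run it on the production-class host under representative load, since timings from a development machine do not transfer.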
