難度大致等于time_cost * memory_cost (并且可能/ parallelism)�。所以如果你0.25x的內(nèi)存成本,你應該4x時間成本���。另請參閱此答案�。
// The time parameter specifies the number of passes over the memory and the
// memory parameter specifies the size of the memory in KiB.
查看 Argon2 API 本身��。我將稍微交叉引用并使用argon2-cffi 文檔��。貌似go接口在底層使用了C-FFI(外來函數(shù)接口) �,所以protoype應該是一樣的。
Parameters
time_cost (int) – Defines the amount of computation realized and therefore the execution time, given in number of iterations.
memory_cost (int) – Defines the memory usage, given in kibibytes.
parallelism (int) – Defines the number of parallel threads (changes the resulting hash value).
hash_len (int) – Length of the hash in bytes.
salt_len (int) – Length of random salt to be generated for each password.
encoding (str) – The Argon2 C library expects bytes. So if hash() or verify() are passed an unicode string, it will be encoded using this encoding.
type (Type) – Argon2 type to use. Only change for interoperability with legacy systems.
事實上�����,如果我們查看 Go 文檔:
// The draft RFC recommends[2] time=1, and memory=64*1024 is a sensible number.
// If using that amount of memory (64 MB) is not possible in some contexts then
// the time parameter can be increased to compensate.
//
// The time parameter specifies the number of passes over the memory and the
// memory parameter specifies the size of the memory in KiB. For example
// memory=64*1024 sets the memory cost to ~64 MB. The number of threads can be
// adjusted to the numbers of available CPUs. The cost parameters should be
// increased as memory latency and CPU parallelism increases. Remember to get a
// good random salt.
我不是 100% 清楚線程數(shù)的影響,但我相信它確實并行化了散列�����,并且像任何多線程作業(yè)一樣���,這減少了大約1/NN 個內(nèi)核所花費的總時間���。顯然,您應該將并行度設置為 cpu count�����。
