Argon2id

ktrc · April 4, 2026, 8:11am

What is recommended argon2id parameters this 2026? Transformation rounds, memory usage, parallelism.

maqp · April 4, 2026, 9:01am

The time of “is 100k iterations in 2026 enough” that we had to live with wrt PBKDF2 are over. We can finally have timeless advice:

First select the key derivation time that you can bear. 3-4 seconds is good for disk encryption etc.

Then use as much memory as you can spare taking into account how much you think will be available whenever you’re going to derive the keys. If you have constantly 100 tabs open, you can’t max it out.

Then benchmark key derivation starting from 1, increase it until you’re at the desired key derivation time.

If some time cost t is less than your desired time, and another time cost t+1 is higher than your desired time, select t+1 and lower the memory until key derivation time is good.

If time cost 1 takes too long with your top of the range memory cost, lower memory cost until you hit the desired zone.

Remember, memory cost is king here. That’s what’s capping attacker’s ability to run parallel attacks. Not time-cost which is just iterations; Memory has linear cost for RAM sticks, time cost only has linear cost for seconds and thus, electricity bill. Doubling even an overkill value like 1kWh / password thrice still is fractions of peanuts compared to doubling RAM thrice, from 4GB to 32GB. And at that point, every doubling of crunching power doubles the 300 USD price for RAM alone in the HW.

For parallelism, use either all or all-1 of the threads in your computer. This does not matter. You can set it to say 32 and have a single-core CPU shuffle 32 threads provided there’s enough RAM. It’s just >32 times slower if you ever have to open it on a single core CPU (extra overhead from task switching that also takes time).

But what will ultimately set the security, is your password entropy. Ensure it’s never <90, preferably never <128 bits, and you’re fine.

Use Argon2id in password manager to store other strong passwords.

hakavlad · April 4, 2026, 12:03pm

Are you user or dev? Are you selecting parameters for yourself or for the application you are developing?

ktrc · April 4, 2026, 12:26pm

A user. Selecting parameters for my self

ktrc · April 4, 2026, 12:27pm

Thank you for the answer

Topic		Replies	Views
Bitwarden new Argon2id KDF Questions	1	439	February 16, 2023
Maxium security for accounts Questions	2	297	May 4, 2025
Suggest changing KDF in the Bitwarden recommendation Site Development completed	6	1365	August 23, 2024
Pin complexity reccomendations for fido2 keys General	4	560	June 6, 2024
ZFS doesn't support argon2id and uses PBKDF2 instead for native encryption General software	6	579	August 2, 2025

Argon2id

Related topics