It makes way more sense to implement an auth cooldown over increasing the server load for a single action. I can't speak on the ideal settings for Argon2id, but I like to think the defaults are fine in most cases.
And increasing the hash size, to mitigate collusions? I would assume that it takes much longer to find collusions that result in a specific password's hash, if there are more digit amounts, correct?
Use the recommemded parameters: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-argon2-04#page-11
Also consider WebauthN/Passkeys. They are much less ressource intensive on the server but useless to an attacker when the database is leaked and as such don't rely on slowing down the crypto operations.
Cybersecurity
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world