Last updated on December 29th, 2022

## bscrypt (best)

m=256 (256 KiB), t=9, p=1
m=256 (256 KiB), t=5, p=2
m=256 (256 KiB), t=3, p=3

In general:
m=highest per core cache level in KiB
t≥max(2, 21,000,000,000/10,000/1024/m/p)
p≤cores
Based on the soon-to-be-released RTX 4070 Ti

## bcrypt

Cost 9

Based on RTX 4090 as "1.5 GPUs"

## Argon2

Argon2{id,d}: m=47104 (46 MiB), t=1, p=1
Argon2{id,d}: m=19456 (19 MiB), t=2, p=1
Argon2: m=12288 (12 MiB), t=3, p=1
Argon2: m=9216 (9 MiB), t=4, p=1
Argon2: m=7168 (7 MiB), t=5, p=1

In general:
Argon2i: m≥93,750/(3*t-1)*α, t≥3, p=1
Argon2{id,d}: m≥93,750/(3*t-1)*α, t≥1, p=1
Based on RX 7900 XTX's memory bandwidth: 93,750 = 960,000,000,000/10,000/1024
For low memory usage (≲64 MiB) α≈95%. Once memory usage is high enough, α drops in proportion to the memory increase.

## scrypt

N=2^17 (128 MiB), r=8, p=1
N=2^16 (64 MiB), r=8, p=2
N=2^15 (32 MiB), r=8, p=3
N=2^14 (16 MiB), r=8, p=5
N=2^13 (8 MiB), r=8, p=10

In general:
scrypt: N≥600000/r/p*α, r=8, p≥1
Based on RX 7900 XTX's memory bandwidth: 600,000 = 960,000,000,000/10,000/128/1.25
For low memory usage (≲64 MiB) α≈95%. Once memory usage is high enough, α drops in proportion to the memory increase.
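The "In general" bounds for bscrypt, Argon2 and scrypt can be turned into a small calculator that reproduces the listed rows and audits an existing configuration. This is an added example, not code from the original page. It assumes α=1 by default, applies α as a multiplier reading the formulas left to right, rounds Argon2 memory up to whole MiB and scrypt N up to a power of two; the function names are hypothetical.

```python
import math

TARGET_HPS = 10_000       # page target: attacker gets <10 kH/s/GPU
ARGON2_BUDGET = 93_750    # page: 960,000,000,000/10,000/1024
SCRYPT_BUDGET = 600_000   # page: 960,000,000,000/10,000/128/1.25

def bscrypt_min_t(m_kib, p):
    """t >= max(2, 21,000,000,000/10,000/1024/m/p), rounded up to an integer."""
    return max(2, math.ceil(21_000_000_000 / TARGET_HPS / 1024 / m_kib / p))

def argon2_min_m_kib(t, variant="id", alpha=1.0):
    """m >= 93,750/(3*t-1)*alpha in KiB, rounded up to whole MiB (assumption)."""
    if t < (3 if variant == "i" else 1):
        raise ValueError("page requires t>=3 for Argon2i, t>=1 for Argon2id/d")
    bound_kib = ARGON2_BUDGET / (3 * t - 1) * alpha
    return math.ceil(bound_kib / 1024) * 1024

def scrypt_min_log2_n(p, r=8, alpha=1.0):
    """N >= 600000/r/p*alpha, rounded up to the power of two scrypt requires."""
    return math.ceil(math.log2(SCRYPT_BUDGET / r / p * alpha))

def scrypt_mem_mib(log2_n, r=8):
    """scrypt's working memory is 128*N*r bytes."""
    return (128 * r << log2_n) / 2**20

def scrypt_meets_minimum(n, r, p, alpha=1.0):
    """Audit check: does a deployed scrypt configuration satisfy the bound?"""
    return n >= SCRYPT_BUDGET / r / p * alpha

if __name__ == "__main__":
    for p in (1, 2, 3):
        print(f"bscrypt m=256 p={p}: t={bscrypt_min_t(256, p)}")
    for t in range(1, 6):
        print(f"Argon2 t={t}: m={argon2_min_m_kib(t)} KiB")
    for p in (1, 2, 3, 5, 10):
        k = scrypt_min_log2_n(p)
        print(f"scrypt p={p}: N=2^{k} ({scrypt_mem_mib(k):.0f} MiB)")
    # Constructed configuration to audit: N=2^14, r=8, p=1
    print("scrypt N=2^14 r=8 p=1 ok?", scrypt_meets_minimum(2**14, 8, 1))
```

With α=1 the output matches every listed bscrypt, Argon2 and scrypt row; passing `alpha=0.95` shows how much the bound relaxes at low memory usage.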

## Parallel PBKDF2

PPBKDF2-SHA512: cost 2 (Based on RTX 4090 as "1.5 GPUs")
PPBKDF2-SHA256: cost 5 (Based on RTX 4090 as "1.5 GPUs")
PPBKDF2-SHA1: cost 10 (Based on RTX 4090 as "1.5 GPUs")

## PBKDF2 (worst)

PBKDF2-HMAC-SHA512: 210,000 iterations (Based on RTX 4090 as "1.5 GPUs")
PBKDF2-HMAC-SHA256: 600,000 iterations (Based on RTX 4090 as "1.5 GPUs")
PBKDF2-HMAC-SHA1: 1,300,000 iterations (Based on RTX 4090 as "1.5 GPUs")

## Info

Hashing algorithms are ordered best to worst. When in doubt "just use bcrypt". Only use PBKDF2 if you must use it. PBKDF2 is a bad algorithm because it is slow for the defender and fast for the attacker.

Minimum good password settings for authentication cause an attacker to get <10 kH/s/GPU. A "GPU" is a current high-end but not super high-end GPU due to diminishing returns in performance per cost. Basically a GPU with an MSRP of about \$700 in 2015 USD (which is about \$900 in 2022). Currently a "GPU" is one of the following: an RTX 4070 Ti, 2/3 speed of an RTX 4090, or an RX 7900 XTX.

Super high-end cards used to be 1.5x-2x the price and 25%-50% faster (i.e., diminishing returns) but the RTX 4090 is the best performance per cost GPU (about 16% higher than an RTX 4070 Ti). Since the RTX 4090 vs the RTX 4070 Ti is 4 vs 3 slots (1.33x and 2x vs older generations), 450 vs 285 watts (1.58x), and \$1600 vs \$900 (1.78x), I'm going to call the RTX 4090 "1.5 GPUs". Also you can easily put two RTX 4090s vs three RTX 4070 Tis in a case with a standard power supply. I debated whether to ignore the RTX 4090 or call it 1 to 2 GPUs. I settled on calling it 1.5 GPUs.

If the RTX 4090 is considered as a single GPU then bcrypt increases to cost 10 ("9.3" up from "8.7"). Argon2 increases to 49 MiB (t=1), 20 MiB (t=2), and 13 MiB (t=3). PPBKDF2 increases to cost 3 (SHA512), cost 7 (SHA256), and cost 15 (SHA1). PBKDF2 increases to 320,000 (SHA512); 890,000 (SHA256); and 2,000,000 (SHA1). Everything else stays the same.