Key Stretching
The password input is passed through a key stretching function before being used in the OPRF. The key stretching function is argon2id
(opens in a new tab). Depending on the application these parameters can be adjusted using param keyStretching
in the opaque.client.startRegistration
and opaque.client.startLogin
functions.
Available options are:
Memory constrained (default)
This is the default in case the option is omitted. It is based on the recommendation for memory-constrained environments in the Argon2 RFC (opens in a new tab). It was chosen as a default based on this feedback (opens in a new tab).
Parameters:
- Memory: 2^16
- Iterations: 3
- Parallelism: 4
{
keyStretching: "memory-constrained";
}
Note: This configuration is faster, but less secure. client.finishRegistration
and client.finishLogin
each take around 1 seconds to complete on a MacBook Pro M1, 2020, 16 GB Memory.
RFC Draft Recommended
This options is based on the recommendation in the Configurations section in the OPAQUE protocol (opens in a new tab) with the exception that the memory is set to (2^21)-1 instead of (2^21) since we noticed (2^21) caused it to crash when running the registration in a browser environment.
Parameters:
- Memory: 2^21-1
- Iterations: 1
- Parallelism: 4
{
keyStretching: "rfc-draft-recommended";
}
Note: This configuration is the most secure but also the slowest. client.finishRegistration
and client.finishLogin
each take around 13 seconds to complete on a MacBook Pro M1, 2020, 16 GB Memory.
Custom
You can also provide custom parameters for the key stretching function. The parameters are passed directly to the argon2id
function. In case you provide an invalid configuration, the function will throw an error.
const memory = 65536;
const iterations = 3;
const parallelism = 1;
{
keyStretching: {
"argon2id-custom": {
memory,
iterations,
parallelism,
},
};
}