Key Stretching

The password input is passed through a key stretching function before being used in the OPRF. The key stretching function is argon2id (opens in a new tab). Depending on the application these parameters can be adjusted using param keyStretching in the opaque.client.startRegistration and opaque.client.startLogin functions.

Available options are:

Memory constrained (default)

This is the default in case the option is omitted. It is based on the recommendation for memory-constrained environments in the Argon2 RFC (opens in a new tab). It was chosen as a default based on this feedback (opens in a new tab).

Parameters:

• Memory: 2^16
• Iterations: 3
• Parallelism: 4

{
  keyStretching: "memory-constrained";
}

Note: This configuration is faster, but less secure. client.finishRegistration and client.finishLogin each take around 1 seconds to complete on a MacBook Pro M1, 2020, 16 GB Memory.

RFC Draft Recommended

This options is based on the recommendation in the Configurations section in the OPAQUE protocol (opens in a new tab) with the exception that the memory is set to (2^21)-1 instead of (2^21) since we noticed (2^21) caused it to crash when running the registration in a browser environment.

Parameters:

• Memory: 2^21-1
• Iterations: 1
• Parallelism: 4

{
  keyStretching: "rfc-draft-recommended";
}

Note: This configuration is the most secure but also the slowest. client.finishRegistration and client.finishLogin each take around 13 seconds to complete on a MacBook Pro M1, 2020, 16 GB Memory.

Custom

You can also provide custom parameters for the key stretching function. The parameters are passed directly to the argon2id function. In case you provide an invalid configuration, the function will throw an error.

const memory = 65536;
const iterations = 3;
const parallelism = 1;
{
  keyStretching: {
    "argon2id-custom": {
      memory,
      iterations,
      parallelism,
    },
  };
}