Tuning & Parameter Selection

libpasta comes with a set of secure default algorithm and parameter choices. However, there is no single set of parameters which is suitable for all purposes and we provide tools to help with parameter selection.

These tools also double as a benchmarking platform for the target system: if the system performs significantly worse than the expected times, suboptimal or even insecure parameters could be selected.

Currently, running tune -h gives the following output:

$ tune -h
tune 0.0.1
Sam Scott
libpasta tuning tool

USAGE:
    tune [FLAGS] [OPTIONS]

FLAGS:
    -h, --help       Prints help information
    -p, --print      Output the final result in the configuration file format
    -V, --version    Prints version information
    -v, --verbose    Print test information verbosely

OPTIONS:
    -a, --algorithm <algorithm>    Choose the algorithm to tune (default: argon2i) [values: argon2i, bcrypt, scrypt]
    -t, --target <target>          Set the target number of verifications per second to support (defaut: 2)

Simply running tune will benchmark various parameter choices (for the default options) until optimal values are found. Configuration options include the algorithm to target and the target number of logins per second to be supported.

Finally, the -p flag can be used to produce a libpasta-compatible configuration file.

$ tune -a scrypt -p
CPU speed: 2800
Predicted maximum parameter: 17, with time: 0.437s
logN = 5, parallel = 1, read size = 8 ~> memory = 33 KiB 0.0001 s (estimated: 0.0001 s)
logN = 6, parallel = 1, read size = 8 ~> memory = 65 KiB 0.0002 s (estimated: 0.0002 s)
logN = 7, parallel = 1, read size = 8 ~> memory = 129 KiB 0.0004 s (estimated: 0.0004 s)
...
logN = 16, parallel = 1, read size = 8 ~> memory = 65537 KiB 0.1791 s (estimated: 0.2186 s)
logN = 17, parallel = 1, read size = 8 ~> memory = 131073 KiB 0.3581 s (estimated: 0.4372 s)
logN = 18, parallel = 1, read size = 8 ~> memory = 262145 KiB 0.7151 s (estimated: 0.8743 s)
Maximum amount of memory (capped at 2036080 KiB) to achieve < 0.50 s hash = 131088 KiB
Recommended: SCrypt, N: 131072, r: 8, p: 1
Default:     SCrypt, N: 16384, r: 8, p: 1

Algorithm in configuration format:
---
default: Custom
primitive: 
  id: "scrypt-mcf"
  params: 
    log_n: "17"
    r: "8"
    p: "1"

There are a few interesting things to observe from the output. First of all, notice that the algorithm estimated the maximum parameter choice to be 14, taking 0.055s, which is extremely close to the eventual value. This is a sense-check to ensure the system does not perform unexpectedly slowly, which might indicate that another process is consuming CPU time and skewing the benchmarks.

We left the target number of logins/second (the -t flag) at the default value of 2. This is the recommended amount for interactive logins, such as for websites. For offline applications, for example key derivation for disk encryption, a better value is 1 login every 3 seconds, so -t 0.33.
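
The sense-check described above can be automated before a recommended configuration is deployed. The following is an added example, not part of libpasta: it parses the scrypt rows of a tune run, picks the largest logN whose measured time fits the 1/target budget, and warns when measured times exceed the estimates. The function name and the slack and tolerance thresholds are assumptions.

```python
import re

# Constructed sample: rows copied from the `tune -a scrypt -p` run shown above.
SAMPLE = """\
Predicted maximum parameter: 17, with time: 0.437s
logN = 16, parallel = 1, read size = 8 ~> memory = 65537 KiB 0.1791 s (estimated: 0.2186 s)
logN = 17, parallel = 1, read size = 8 ~> memory = 131073 KiB 0.3581 s (estimated: 0.4372 s)
logN = 18, parallel = 1, read size = 8 ~> memory = 262145 KiB 0.7151 s (estimated: 0.8743 s)
"""

PRED = re.compile(r"Predicted maximum parameter: (\d+), with time: ([\d.]+)s")
ROW = re.compile(r"logN = (\d+), .*? KiB\s+([\d.]+) s \(estimated: ([\d.]+) s\)")


def check_tune_output(text, target=2.0, slack=1.5, tolerance=1):
    """Return (chosen_log_n, predicted_log_n, warnings) for a scrypt tune run.

    slack and tolerance are assumed thresholds, not values used by libpasta.
    """
    budget = 1.0 / target  # -t 2 allows < 0.5 s per hash, -t 0.33 about 3 s
    match = PRED.search(text)
    predicted = int(match.group(1)) if match else None
    chosen, warnings = None, []
    for log_n, measured, estimated in ROW.findall(text):
        log_n, measured, estimated = int(log_n), float(measured), float(estimated)
        # Tiny rows are dominated by timer resolution, so only compare rows
        # whose estimate is at least 10 ms.
        if estimated >= 0.01 and measured > slack * estimated:
            warnings.append(f"logN={log_n}: {measured}s measured vs "
                            f"{estimated}s estimated, host may be under load")
        if measured < budget and (chosen is None or log_n > chosen):
            chosen = log_n
    if None not in (predicted, chosen) and abs(chosen - predicted) > tolerance:
        warnings.append(f"chosen logN={chosen} is far from predicted {predicted}")
    return chosen, predicted, warnings


if __name__ == "__main__":
    chosen, predicted, warnings = check_tune_output(SAMPLE)
    print(f"chosen logN={chosen}, predicted logN={predicted}")
    for w in warnings or ["benchmark matches estimates"]:
        print(w)
```

A non-empty warnings list is a reason to rerun tune on an idle host rather than accept a weaker parameter than the hardware can support.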