From 6ab5b257e3ae766416a433e2871dc316c452dd74 Mon Sep 17 00:00:00 2001 From: Samuel Lucas <63159663+samuel-lucas6@users.noreply.github.com> Date: Sat, 11 May 2024 14:50:00 +0100 Subject: [PATCH] Constants.cs: Reduce the Argon2id memory size to 256 MiB. And update the specification. See https://github.com/LoupVaillant/Monocypher/issues/274. With libsodium, 512 MiB and 3 iterations provides a reasonable delay on my desktop and M1 MacBook Air. With Monocypher, the delay is ~1 second on my desktop. However, it's ~10 seconds on an M1 MacBook with Low Power Mode and ~6 seconds without. That's unusably bad. That's even too much delay for disk encryption. Dropping to 256 MiB with 3 iterations will be ~5 seconds with Low Power Mode and ~3 seconds without, which is somewhat acceptable. Multiple iterations is preferable imo. I went with Monocypher to avoid the vcruntime requirement with libsodium on Windows, which is problematic for portable/self-contained applications. I also wanted to play around with another library. However, this is a good example of where security would be improved by using libsodium due to its superior performance. --- README.md | 2 +- src/Cahir/Constants.cs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a1caf66..20dd833 100644 --- a/README.md +++ b/README.md @@ -106,7 +106,7 @@ masterKey = Argon2id(password, salt, memorySize, passes, parallelism) - `identity`: the UTF-8 encoding of the `-i, --identity` string (1+ bytes). - `password`: the UTF-8 encoding of the `-p, --password` or interactively entered password string, which cannot be empty and is limited to 128 characters, or the bytes stored in the `-f, --password-file` file (1-387 bytes). - `salt`: the salt derived above (32 bytes). -- `memorySize`: 512 MiB. +- `memorySize`: 256 MiB. - `passes`: 3 passes. - `parallelism`: 1 lane. diff --git a/src/Cahir/Constants.cs b/src/Cahir/Constants.cs index ad83ab2..4fe40de 100644 --- a/src/Cahir/Constants.cs 
+++ b/src/Cahir/Constants.cs @@ -16,7 +16,7 @@ public static class Constants public const int KeySize = 32; public const int SaltSize = 32; public const int CRYPTO_ARGON2_ID = 2; - public const int Argon2MemorySize = 536870912; // 512 MiB + public const int Argon2MemorySize = 268435456; // 256 MiB public const int Argon2BlockSize = 1024; public const int Argon2Passes = 3; public const int Argon2Lanes = 1;
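Review bot: In the README.md hunk, the `memorySize` bullet goes from 512 MiB to 256 MiB without any note that this changes the result of `masterKey = Argon2id(password, salt, memorySize, passes, parallelism)`. The same password and salt produce a different `masterKey` once `memorySize` differs, so a key derived under the 512 MiB specification cannot be reproduced under the new one. Suggest adding a sentence to the specification, or a changelog entry, that marks this as a breaking change and states from which release the 256 MiB value applies.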
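Review bot: In the Constants.cs hunk, `Argon2MemorySize = 268435456; // 256 MiB` keeps the size as a raw byte count whose only tie to the intended value is the trailing comment, and the two can drift apart on the next tuning change. Suggest writing the value as `256 * 1024 * 1024`, which is still a compile-time constant in C#, so the unit is visible in the expression itself. Since the commit message says the value was chosen from timing on specific machines, a short comment next to the constant pointing to the linked Monocypher issue would also tell a later reader why it is not 512 MiB.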