createArgon2idKdf function
Creates a custom Argon2id KDF with specified parameters.
Use this to tune Argon2id performance for your specific environment.
Parameters:
parallelism: Number of threads to use (1-224). Higher = more CPU cores used. Recommended: 1 for tests, 2-4 for production. Default: 4.memoryInKB: Memory usage in KB (minimum 8×parallelism). Higher = more secure. Common values: 32768 (32 MB), 65536 (64 MB), 131072 (128 MB). Default: 65536.iterations: Number of iterations (minimum 1). Higher = slower but more secure. Recommended: 2-4. Default: 3.hashLength: Output hash length in bytes. Default: 32.onDeriveComplete: Optional callback for performance monitoring.
Performance Tuning Examples:
// For tests - fast, deterministic (no isolates)
final testKdf = createArgon2idKdf(parallelism: 1, memoryInKB: 32768);
// For low-resource servers (1-2 cores)
final lowResourceKdf = createArgon2idKdf(parallelism: 1, memoryInKB: 32768);
// For standard servers (4-8 cores, moderate load)
final standardKdf = createArgon2idKdf(parallelism: 2, memoryInKB: 65536);
// For high-performance servers (8+ cores, dedicated)
final highPerfKdf = createArgon2idKdf(parallelism: 4, memoryInKB: 131072);
// With performance monitoring
final monitoredKdf = createArgon2idKdf(
parallelism: 4,
memoryInKB: 65536,
onDeriveComplete: (ms) => print('Argon2id took ${ms}ms'),
);
Security vs Performance Trade-offs:
- Higher parallelism = faster with multiple cores, but more resource usage
- Higher memory = more GPU-resistant, but more RAM usage
- Higher iterations = more secure, but slower
See PROFILING.md for detailed tuning guidance.
Implementation
Argon2idKdf createArgon2idKdf({
int parallelism = 4,
int memoryInKB = 65536,
int iterations = 3,
int hashLength = 32,
void Function(int durationMs)? onDeriveComplete,
}) {
return Argon2idKdf(
name: 'argon2id-p${parallelism}m${memoryInKB}i$iterations',
argon2: Argon2id(
parallelism: parallelism,
memory: memoryInKB,
iterations: iterations,
hashLength: hashLength,
),
onDeriveComplete: onDeriveComplete,
);
}