Synopsis
The variant of Argon2 algorithm to use (between I, D and ID).
Description
Argon2D maximizes resistance to GPU cracking attacks. Argon2I is optimized to resist side-channel attacks. Argon2ID is a hybrid version that combines both approaches and has stronger resistance to attacks, but it’s more expensive. By default, changes to this setting impact only newly created and updated passwords. However, if the rehash-policy is set to always or only-increase, it causes the server to recalculate each user’s password hash on their next authentication, and writes the new hash to the user’s entry on disk. Changing the variant of Argon2 algorithm to use therefore leads to a short-term spike in CPU and disk use as the server updates each user’s password when they next authenticate. Longer term, increasing this setting results in more secure passwords at the expense of much higher CPU consumption and lower throughput.
ID
Allowed values
D: Use Argon2d variant.
I: Argon2i.
ID: Argon2id.
Multi-valued
No
Required
No
Admin action required
None
Advanced
No
Read-only
No