PHP Argon2 benchmark

agron2_benchmark.php

<?php
/**
 * Password Argon2 Hash Benchmark
 * Argon2 is available since PHP 7.2 
 *
 * Just upload this script to your server and run it, either through CLI or by calling it in your browser.
 *
 * See Argon2 specs https://password-hashing.net/argon2-specs.pdf chapter 9 Recommended Parameters
 */
// Upper time limit to check
$upperTimeLimit = 2500;

$threads = [1, 2, 4];

$time_cost_min = 1;
$time_cost_max = 8;

$memory_cost_min = 1 << 10; // 1 MB
$memory_cost_max = 1 << 18; // 256 MB

$password = 'this_is_just_a_long_string_to_test_on_U8WNZqmz8ZVBNiNTQR8r';

if (php_sapi_name() !== 'cli' ) echo "<pre>";
echo "\nPassword ARGON2 Benchmark";
echo "\nWill run until the upper limit of {$upperTimeLimit}ms is reached for each thread value";
echo "\n\nTimes are expressed in milliseconds.";

$start = microtime(true);
$hash = password_hash($password, PASSWORD_ARGON2I);
$time = round((microtime(true) - $start) * 1000);
echo "\n\n\nTime with default settings: {$time}ms";
echo "\nHash = $hash";

foreach($threads as $thread) {
    echo "\n\n\n=Testing with $thread threads";
    echo "\n m_cost (MB) ";
    for ($m_cost = $memory_cost_min; $m_cost <= $memory_cost_max; $m_cost *= 2) {
        $m_cost_mb = $m_cost / 1024;
        echo '|' . str_pad($m_cost_mb, 5, ' ', STR_PAD_BOTH);
    }
    echo "\n             =====================================================";
    for ($time_cost = $time_cost_min; $time_cost <= $time_cost_max; $time_cost++) {
        echo "\n t_cost=$time_cost    ";
        for ($m_cost = $memory_cost_min; $m_cost <= $memory_cost_max; $m_cost *= 2) {
            
            $start = microtime(true);
            password_hash($password, PASSWORD_ARGON2I, [
                'memory_cost' => $m_cost,
                'time_cost'   => $time_cost,
                'threads'     => $thread,
            ]);
            $time = round((microtime(true) - $start) * 1000);
            
            if ($time < $upperTimeLimit) {
                echo '|' . str_pad($time, 5, ' ', STR_PAD_BOTH);
            } else {
                echo '|' . str_pad(">LIM", 5, ' ', STR_PAD_BOTH);
                $m_cost = $memory_cost_max;
                $time_cost = $time_cost_max;
            }
            
        }
    }
}
echo "\n\n";

if (php_sapi_name() !== 'cli' ) echo "</pre>";

Here is an example output:

Password ARGON2 Benchmark
Will run until the upper limit of 2500ms is reached for each thread value

Times are expressed in milliseconds.


Time with default settings: 3ms
Hash = $argon2i$v=19$m=1024,t=2,p=2$djBoQmxvUFd1RXp3V3k3bA$rs6HJgR0gsws8eBvYdtAchbkH5DODFnprHaiED+uaqk


=Testing with 1 threads
 m_cost (MB) |  1  |  2  |  4  |  8  | 16  | 32  | 64  | 128 | 256
             =====================================================
 t_cost=1    |  1  |  2  |  5  | 10  | 24  | 46  | 90  | 188 | 348
 t_cost=2    |  2  |  4  |  8  | 18  | 39  | 75  | 145 | 295 | 636
 t_cost=3    |  3  |  6  | 12  | 26  | 53  | 102 | 209 | 473 | 926
 t_cost=4    |  5  |  9  | 30  | 56  | 78  | 147 | 309 | 567 |1233
 t_cost=5    |  4  |  9  | 19  | 40  | 79  | 165 | 359 | 690 |1372
 t_cost=6    |  5  | 12  | 23  | 49  | 93  | 198 | 399 | 781 |1777
 t_cost=7    |  6  | 14  | 29  | 53  | 118 | 259 | 508 |1036 |2206
 t_cost=8    |  8  | 16  | 33  | 82  | 179 | 294 | 528 |1185 |2344


=Testing with 2 threads
 m_cost (MB) |  1  |  2  |  4  |  8  | 16  | 32  | 64  | 128 | 256
             =====================================================
 t_cost=1    |  2  |  5  |  5  | 14  | 21  | 44  | 76  | 166 | 314
 t_cost=2    |  8  |  5  | 14  | 20  | 29  | 49  | 92  | 243 | 375
 t_cost=3    |  4  |  5  |  9  | 22  | 43  | 79  | 144 | 277 | 548
 t_cost=4    |  8  | 12  | 23  | 39  | 52  | 98  | 173 | 318 | 700
 t_cost=5    |  6  | 10  | 22  | 36  | 55  | 104 | 209 | 445 | 905
 t_cost=6    | 14  | 18  | 36  | 50  | 84  | 136 | 243 | 470 | 972
 t_cost=7    |  9  | 13  | 28  | 46  | 81  | 158 | 339 | 697 |1249
 t_cost=8    | 10  | 18  | 37  | 56  | 100 | 175 | 314 | 669 |1301


=Testing with 4 threads
 m_cost (MB) |  1  |  2  |  4  |  8  | 16  | 32  | 64  | 128 | 256
             =====================================================
 t_cost=1    |  2  |  3  |  4  | 12  | 18  | 31  | 55  | 89  | 193
 t_cost=2    |  3  |  4  |  7  | 12  | 25  | 45  | 83  | 151 | 314
 t_cost=3    |  4  |  6  |  8  | 16  | 30  | 46  | 84  | 179 | 379
 t_cost=4    |  6  |  7  | 14  | 28  | 41  | 70  | 136 | 247 | 510
 t_cost=5    |  7  |  9  | 17  | 27  | 44  | 83  | 169 | 262 | 560
 t_cost=6    |  9  | 11  | 24  | 32  | 51  | 101 | 162 | 291 | 611
 t_cost=7    | 10  | 13  | 22  | 33  | 63  | 90  | 162 | 349 | 692
 t_cost=8    | 11  | 15  | 27  | 48  | 62  | 114 | 200 | 395 | 784

Results on Linode 1GB - 1CPU

Password ARGON2 Benchmark
Will run until the upper limit of 2500ms is reached for each thread value

Times are expressed in milliseconds.


Time with default settings: 4ms
Hash = $argon2i$v=19$m=1024,t=2,p=2$cXJiMGpaRVBBajFiZml5cQ$hhIj9JiTcBVZKYNuZDKyictTA0g4uZFlDroDGFmNiwE


=Testing with 1 threads
 m_cost (MB) |  1  |  2  |  4  |  8  | 16  | 32  | 64  | 128 | 256 
             =====================================================
 t_cost=1    |  1  |  3  | 10  | 13  | 29  | 65  | 127 | 273 | 759 
 t_cost=2    |  3  |  5  | 10  | 21  | 44  | 103 | 215 | 433 | 934 
 t_cost=3    |  4  |  7  | 14  | 30  | 65  | 148 | 296 | 616 |1271 
 t_cost=4    |  5  |  9  | 19  | 38  | 82  | 186 | 391 | 799 |1653 
 t_cost=5    |  6  | 11  | 23  | 48  | 105 | 229 | 475 |1101 |2141 
 t_cost=6    |  7  | 13  | 28  | 57  | 126 | 275 | 563 |1425 |2446 
 t_cost=7    |  8  | 16  | 32  | 66  | 141 | 315 | 679 |1350 |>LIM 


=Testing with 2 threads
 m_cost (MB) |  1  |  2  |  4  |  8  | 16  | 32  | 64  | 128 | 256 
             =====================================================
 t_cost=1    |  2  |  3  |  5  | 11  | 24  | 62  | 126 | 258 | 525 
 t_cost=2    |  3  |  5  | 10  | 20  | 42  | 105 | 221 | 433 | 888 
 t_cost=3    |  5  |  8  | 15  | 30  | 72  | 151 | 303 | 638 |1349 
 t_cost=4    |  6  | 12  | 21  | 42  | 87  | 213 | 408 | 916 |1657 
 t_cost=5    |  8  | 13  | 25  | 49  | 101 | 240 | 474 | 981 |2110 
 t_cost=6    | 10  | 16  | 30  | 62  | 133 | 293 | 616 |1257 |>LIM 


=Testing with 4 threads
 m_cost (MB) |  1  |  2  |  4  |  8  | 16  | 32  | 64  | 128 | 256 
             =====================================================
 t_cost=1    |  2  |  3  |  6  | 12  | 25  | 63  | 128 | 269 | 531 
 t_cost=2    |  4  |  6  | 11  | 22  | 46  | 107 | 217 | 439 | 907 
 t_cost=3    |  6  |  9  | 17  | 32  | 68  | 150 | 312 | 644 |1278 
 t_cost=4    |  8  | 13  | 22  | 64  | 182 | 409 | 452 | 880 |1716 
 t_cost=5    |  9  | 15  | 27  | 55  | 110 | 264 | 484 | 982 |2043 
 t_cost=6    | 11  | 18  | 32  | 63  | 130 | 287 | 583 |1177 |2426 
 t_cost=7    | 13  | 21  | 39  | 73  | 150 | 330 | 681 |1353 |>LIM 

Thought I'd let you know - the filename is misnamed, you spelled agron2 and not argon2!