From 5746ddb2f6b0ed0cf9f58fc718b8d258b7523d25 Mon Sep 17 00:00:00 2001 From: Jake Ginesin Date: Fri, 24 Oct 2025 01:09:50 -0400 Subject: [PATCH 1/2] fix argon2id parameter selection advice --- cheatsheets/Password_Storage_Cheat_Sheet.md | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/cheatsheets/Password_Storage_Cheat_Sheet.md b/cheatsheets/Password_Storage_Cheat_Sheet.md index 01ac01a943..625d0ec108 100644 --- a/cheatsheets/Password_Storage_Cheat_Sheet.md +++ b/cheatsheets/Password_Storage_Cheat_Sheet.md 
@@ -101,15 +101,12 @@ Three hashing algorithms that should be considered: [Argon2](https://en.wikipedia.org/wiki/Argon2) was the winner of the 2015 [Password Hashing Competition](https://en.wikipedia.org/wiki/Password_Hashing_Competition). Out of the three Argon2 versions, use the Argon2id variant since it provides a balanced approach to resisting both side-channel and GPU-based attacks. -Rather than a simple work factor like other algorithms, Argon2id has three different parameters that can be configured: the base minimum of the minimum memory size (m), the minimum number of iterations (t), and the degree of parallelism (p). We recommend the following configuration settings: +Rather than a simple work factor like other algorithms, Argon2id has three different parameters that can be configured: the base minimum of the minimum memory size (m), the minimum number of iterations (t), and the degree of parallelism (p). Following the RFC standardizing Argon2id, [RFC9106](https://datatracker.ietf.org/doc/rfc9106/), we recommend the following configuration settings: -- m=47104 (46 MiB), t=1, p=1 (Do not use with Argon2i) -- m=19456 (19 MiB), t=2, p=1 (Do not use with Argon2i) -- m=12288 (12 MiB), t=3, p=1 -- m=9216 (9 MiB), t=4, p=1 -- m=7168 (7 MiB), t=5, p=1 +- m=2097152 (2 GiB), t=1, p=1; for "a default setting for all environments" +- m=65536 (64 MiB), t=3, p=1; for "memory-constrained environments" -These configuration settings provide an equal level of defense, and the only difference is a trade off between CPU and RAM usage. +These configuration settings provide different levels of defense, as increasing the memory parameter makes brute-force attacks harder to parallelize due to higher RAM requirements per hash. ### scrypt From b54e2b2cce3b6a79615f3f93400da7efbd3ae0b8 Mon Sep 17 00:00:00 2001 
From: Jake Ginesin Date: Sat, 25 Oct 2025 00:47:05 -0400 Subject: [PATCH 2/2] lint --- cheatsheets/Password_Storage_Cheat_Sheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cheatsheets/Password_Storage_Cheat_Sheet.md b/cheatsheets/Password_Storage_Cheat_Sheet.md index 625d0ec108..eb5ba7176a 100644 --- a/cheatsheets/Password_Storage_Cheat_Sheet.md +++ b/cheatsheets/Password_Storage_Cheat_Sheet.md @@ -106,7 +106,7 @@ Rather than a simple work factor like other algorithms, Argon2id has three diffe - m=2097152 (2 GiB), t=1, p=1; for "a default setting for all environments" - m=65536 (64 MiB), t=3, p=1; for "memory-constrained environments" -These configuration settings provide different levels of defense, as increasing the memory parameter makes brute-force attacks harder to parallelize due to higher RAM requirements per hash. +These configuration settings provide different levels of defense, as increasing the memory parameter makes brute-force attacks harder to parallelize due to higher RAM requirements per hash. ### scrypt
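Review bot: the two added parameter lines in the first hunk do not match the RFC 9106 recommendation they cite: Section 4 of RFC 9106 gives both uniformly safe options with p=4 lanes (t=1, p=4, m=2^21 and t=3, p=4, m=2^16), whereas the hunk writes p=1 for each. Either change the lines to `- m=2097152 (2 GiB), t=1, p=4; ...` and `- m=65536 (64 MiB), t=3, p=4; ...`, or state explicitly that the cheat sheet is deliberately recommending p=1 and why, since the text says it is "Following the RFC". The replacement sentence "These configuration settings provide different levels of defense" also goes further than the RFC, which calls both options "uniformly safe" and positions the second as the fallback for memory-constrained environments; consider wording it as the RFC does (first option as the default, second when 2 GiB per hash is not available, with t=3 compensating for the lower memory). Finally, the unchanged context line "the base minimum of the minimum memory size (m)" is garbled and could be fixed in the same pass, e.g. "the memory size in KiB (m)".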
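Review bot: the removed and added lines in the second hunk read identically here, so the fix is presumably invisible whitespace (trailing spaces or line ending); the commit message "lint" should name the markdownlint rule or the whitespace issue being fixed so the change is reviewable without a whitespace-visible diff. Given that the first hunk's parameter lines may still change (see the p=1 vs p=4 point above), it would be cleaner to squash this lint fix into the first commit rather than carry it as a separate patch.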