1. 13
  1. 3

    These are good points. You might now need something to reject clients with repeated failed password attempts to preserve your resources.

    If you doubt this, try running a stub IMAP server open to the internet with argon2id for authentication.

    1. 1

      PBKDF2 and bcrypt may be brute-forced before too long.

      [Citation Needed]

      What makes you say that? Both KDFs can have their iterations cranked up to increase complexity, and they are designed to prevent parallelization so you have to compute each iteration sequentially.

      1. 1

        RFC 8018 is fairly readable even if you’re not familiar with crypto math; the iteration function is forced to be serialized by making the output of the previous iteration the input of the next.
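The serial chain the comment above refers to, written out as an added example (not code from any commenter): a from-scratch PBKDF2 per RFC 8018 section 5.2, where each U_j is the PRF of U_{j-1}, so no iteration can start before the previous one finishes. It is checked against the standard library's `hashlib.pbkdf2_hmac`; the password and salt are constructed test inputs.

```python
import hashlib
import hmac
import struct


def pbkdf2_rfc8018(password: bytes, salt: bytes, c: int, dk_len: int,
                   hash_name: str = "sha256") -> bytes:
    """PBKDF2 (RFC 8018, 5.2) with PRF = HMAC-<hash_name>, written to show the chaining."""
    h_len = hashlib.new(hash_name).digest_size
    if c < 1:
        raise ValueError("iteration count must be a positive integer")
    if dk_len > (2 ** 32 - 1) * h_len:
        raise ValueError("derived key too long")
    num_blocks = -(-dk_len // h_len)  # ceil(dkLen / hLen)

    def prf(data: bytes) -> bytes:
        return hmac.new(password, data, hash_name).digest()

    def f(block_index: int) -> bytes:
        # U_1 = PRF(P, S || INT(i)) ; U_j = PRF(P, U_{j-1}) ; T_i = U_1 xor ... xor U_c
        u = prf(salt + struct.pack(">I", block_index))
        t = bytearray(u)
        for _ in range(c - 1):
            u = prf(u)  # depends on the previous output: this is the serial step
            for k in range(h_len):
                t[k] ^= u[k]
        return bytes(t)

    dk = b"".join(f(i) for i in range(1, num_blocks + 1))
    return dk[:dk_len]


def matches_stdlib(password: bytes, salt: bytes, c: int, dk_len: int,
                   hash_name: str = "sha256") -> bool:
    """True when the hand-written derivation agrees with hashlib.pbkdf2_hmac."""
    expected = hashlib.pbkdf2_hmac(hash_name, password, salt, c, dk_len)
    return hmac.compare_digest(pbkdf2_rfc8018(password, salt, c, dk_len, hash_name), expected)


if __name__ == "__main__":
    # Constructed inputs; raising c raises the serial work per guess linearly.
    for iters in (1, 1000, 100000):
        dk = pbkdf2_rfc8018(b"correct horse", b"constructed-salt", iters, 32)
        print(iters, dk.hex(), matches_stdlib(b"correct horse", b"constructed-salt", iters, 32))
```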

      2. 1

        Nice reminder. Another related Stack Overflow answer I found after reading is also worth checking out: https://stackoverflow.com/a/401684/2199393