Modern password hashing remains a critical defense against credential cracking, yet the transition from theoretically secure algorithms to robust real-world implementations remains fraught with challenges. This paper presents a dual analysis of Argon2, the Password Hashing Competition winner, combining attack simulations quantifying how parameter configurations impact guessing costs under realistic budgets, with the first large-scale empirical study of Argon2 adoption across public GitHub software repositories. Our economic model, validated against cryptocurrency mining benchmarks, demonstrates that OWASP's recommended 46 MiB configuration reduces compromise rates by 42.5% compared to SHA-256 at \$1/account attack budgets for strong user passwords. However, memory-hardness exhibits diminishing returns as increasing allocations to RFC 9106's 2048 MiB provides just 23.3% (\$1) and 17.7% (\$20) additional protection despite 44.5 times greater memory demands. Crucially, both configurations fail to mitigate risks from weak passwords, with 96.9-99.8% compromise rates for RockYou-like credentials regardless of algorithm choice. Our repository analysis shows accelerating Argon2 adoption, yet weak configuration practices: 46.6% of deployments use weaker-than-OWASP parameters. Surprisingly, sensitive applications (password managers, encryption tools) show no stronger configurations than general software. Our findings highlight that a secure algorithm alone cannot ensure security, effective parameter guidance and developer education remain essential for realizing Argon2's theoretical advantages.

翻译：现代密码哈希技术仍是抵御凭证破解的关键防线，但从理论安全算法到稳健实际应用的过渡仍充满挑战。本文对密码哈希竞赛优胜算法Argon2进行了双重分析：一方面通过攻击模拟量化实际预算下参数配置对猜测成本的影响，另一方面首次对GitHub公共软件仓库中Argon2的采用情况展开大规模实证研究。我们基于加密货币挖矿基准验证的经济模型表明，针对强用户密码在每账户1美元攻击预算下，OWASP推荐的46 MiB配置相较于SHA-256可将破解率降低42.5%。然而，内存硬度存在边际效益递减现象——将配置提升至RFC 9106标准的2048 MiB（内存需求增加44.5倍）仅能提供额外23.3%（1美元预算）和17.7%（20美元预算）的保护。关键发现是，两种配置均无法缓解弱密码风险：对于类似RockYou的弱凭证，无论采用何种算法，其破解率仍高达96.9%-99.8%。仓库分析显示Argon2采用率正在加速增长，但参数配置实践薄弱：46.6%的部署使用弱于OWASP建议的参数。令人意外的是，敏感应用（密码管理器、加密工具）并未比通用软件采用更强配置。我们的研究结果强调，仅靠安全算法无法确保安全性，有效的参数指导与开发者教育对于实现Argon2的理论优势仍至关重要。