I wonder if it can be approximated how much of a security margin the new argon2 hash, winner of the password hashing competition, can give over bcrypt or PBKDF2, for an attacker using large GPU systems.
Practically speaking, if I have had a…
I am currently working on a project where I want to implement Argon2. The problem is that I dont really know a lot about it. Internet research is not really helpful, because Argon2 is only 2 years old so all that really exists are scientific papers…
I've recompiled my operating system ("LionBSD" based on FreeBSD) to use Argon2i as the default password hashing algorithm in crypt/libcrypt.
I'm wondering what the recommended number of iterations would be?
As an example, OpenBSD uses 8 iterations…
I've read the manual, and multiple articles / StackExchange posts about this topic, but still can't decide which implementation of Argon2 is best for my use case.
I want to securely encrypt passwords in a database in an unshared environment.
After…
Dan Boneh, Henry Corrigan-Gibbs, and Stuart Schechter have proposed Balloon Hashing: A Memory-Hard Function Providing Provable Protection Against Sequential Attacks (in proceedings of AsiaCrypt 2016). Taking the abstract at face value, it is a blow…
Does the recent Balloon hashing paper and the included attack on Argon2 effectively negate the result of the Password Hashing Competition? On one hand it seems that only a constant-factor improvement has been achieved, which is rarely critical in…
I've been reading up on Argon2 (and, to a lesser extent, other recent password hashers). I'm trying to understand why it won the competition versus the other finalists, like Catena, Lyra2, Makwa or Yescrypt.
Unfortunately, I don't see much technical…
I just started using the libsodium port for .net today and the output length parameter kind of confused me (I'm using the argon2i implementation).
With my limited exposure to hashing, whatever hash algorithm I've used have always returned a constant…
(I realize this is yet another Argon2 "how do I configure" question, but the existing questions I've found don't really help. If I've missed one, happy to have this closed).
Deploying Argon2 (with the Argon2id variant) into a server environment to…
I was wondering why most "normal/unsafe" crypto hashes like SHA-256, SHA-512, Whirlpool, RipeMD-160, MD5, etc. are HEX encoded.
But most "secure" crypto hashes (KDF' ) like bcrypt and scrypt are Base64 encoded. Why?
somewhere I heared that Base64…
I wrote a small application that uses Argon2i for deriving symmetric keys for encryption of local files and secret Curve25519 keys. Argon2i v1.3 is susceptible to TMTO attacks if the number of passes is below 10, according to the most recent paper …
I'm really trying to make sure that I follow best practices when it comes to password storage, and after some looking around for a good algorithm, I found that Argon2 was the "next big thing". I've been testing it out within VB.Net using the NuGet…
It's a fact that scrypt and argon2 are the two dominant memory hard KDFs.
But which one of them is more recommendable for password hashing? scrypt is older and as far as I know resistant to almost every kind of hardware based attack. But vulnerable…
What are reasonable parameters for Argon2 to hash passwords in a web application? On the one hand we need good performance, fast responses and DDoS resistance, but on the other hand we need protection from brute force on modern GPU, ASIC, FPGA etc.…
This question is theoretical, but will help with my understanding.
All of my passwords are securely generated using 64 random letters (both uppercase and lowercase) and numbers.
Using the argon2i password hashing algorithm, if I supply this long…
