Questions tagged [balloon-hashing]

Balloon Hashing is a password-based (equivalently: entropy stretching) Key Derivation Function proposed in 2016.

The reference article on Balloon Hashing is: Dan Boneh, Henry Corrigan-Gibbs, and Stuart Schechter, "Balloon Hashing: A Memory-Hard Function Providing Provable Protection Against Sequential Attacks" (in proceedings of AsiaCrypt 2016).

5 questions
25 votes, 1 answer

Memory-hard password hash in practice?

Dan Boneh, Henry Corrigan-Gibbs, and Stuart Schechter have proposed Balloon Hashing: A Memory-Hard Function Providing Provable Protection Against Sequential Attacks (in proceedings of AsiaCrypt 2016). Taking the abstract at face value, it is a blow…
fgrieu
3 votes, 0 answers

How to make balloon hash password dependent?

The balloon hashing algorithm has been compared to the argon2 algorithm, and with its memory accesses being password independent it is most similar to argon2i. Sources such as the RFC for argon2 and OWASP recommend the use of argon2id for password…
n-l-i
2 votes, 1 answer

What's the use of the `delta` parameter in Balloon's hash?

The image below shows Balloon's pseudocode from its paper, and the relevant parameter to my question is delta. Question: What is its impact on memory hardness?
caveman
1 vote, 0 answers

How do side channel attacks on memory hard key derivation work?

Is it solely by exploiting that accessing a given memory address depends on its location? E.g. column hit? Or is it just the CPU cache pre-fetching? Or is it something else (or more)? Also, how does the attacker find out the location of picked…
1 vote, 1 answer

What does Balloon's theorem really mean?

Balloon's theorem says: Questions: Am I understanding the variables correctly? $n$ is number of blocks the user chooses. $r$ is number of rounds the user chooses. $\delta$ is number of pseudorandom dependencies the user chooses per-round…