Questions tagged [argon2]

Argon2 is a key derivation function that was selected as the winner of the Password Hashing Competition in July 2015.

26 questions
103 votes, 1 answer

In 2018, what is the recommended hash to store passwords: bcrypt, scrypt, Argon2?

There are many questions about picking a hash function, including How to securely hash passwords? or Are there more modern password hashing methods than bcrypt and scrypt?, with very detailed answers, but most of them date quite a bit. The consensus…
jcaron
66 votes, 7 answers

Is it safe/wise to store a salt in the same field as the hashed password?

In using Argon2 for hashing passwords in my application, I've noticed it generates a string like this (e.g. for password "rabbit"): $argon2i$v=19$m=65536,t=3,p=1$YOtX2//7NoD/owm8RZ8llw==$fPn4sPgkFAuBJo3M3UzcGss3dJysxLJdPdvojRF20ZE= My understanding…
PenumbraBrah
50 votes, 3 answers

Which is the best password hashing algorithm in .NET Core?

What are the considerations when picking the best password hashing algorithm in .NET Core? I read that not all hashing algorithms are compliant / unverified, so I am hesitant about just getting various implementations from NuGet. Also, it is not…
Water
13 votes, 1 answer

What are the minimum parameters for Argon2?

Argon2 is the winner of the Password Hashing competition, and currently recommended by OWASP for secure storage of passwords. One crucial step of Argon2 is determining the parameters used by the function. The current IETF draft titled "The…
user163495
8 votes, 3 answers

Argon2 vs SHA-512, what's better in my case?

First, I am very bad at cryptographic algorithms. I found online that Argon2 is more secure than SHA-512, so I used it for password hashing. There are recommended options for Argon2: Memory: 4Gb, Iterations: 4 or more. On my ancient server it takes a…
Denis Sologub
6 votes, 2 answers

Since GPUs have gigabytes of memory, does Argon2id need to use gigabytes of memory as well in order to effectively thwart GPU cracking?

The common advice of benchmarking a password hashing algorithm and choosing the slowest acceptable cost factor doesn't work for algorithms with more than one parameter: adding a lot of iterations at the expense of memory hardness makes the benchmark…
Luc
6 votes, 1 answer

Which part of this encoded Argon2 hash is the salt?

I was reading the post Is it safe/wise to store a salt in the same field as the hashed password?: $argon2i$v=19$m=65536,t=3,p=1$YOtX2//7NoD/owm8RZ8llw==$fPn4sPgkFAuBJo3M3UzcGss3dJysxLJdPdvojRF20ZE= My understanding is that everything prior to p=…
Mr.President
6 votes, 1 answer

Source for up-to-date GPU/ASIC hash performance?

I am looking for CPU, GPU and/or ASIC performance stats on hash performance. Specifically SHA256 and Argon2i. I've googled and only came up with very limited anecdotal evidence. Considering that this fast-changing field is so important for security…
mkoistinen
5 votes, 2 answers

Is it true that argon2i is "preferred for password hashing and key derivation"?

I was looking at the wiki for the node-argon2 package in npm, when I came around this justification for using argon2i as the default mode: The variant of the hash function. Argon2 has several variants with different aims: argon2d is faster and…
5 votes, 2 answers

Appending a secret (pepper) to Argon2 password hashes

I've read quite a bit of the StackExchange and HackerNews debates on the use of "peppers" in password hash security. There are a number of different implementations of the idea of a pepper, ranging from an additional hardcoded salt in the code…
Prime
4 votes, 1 answer

Practicality of outsourcing password hashing using enclaves

I've been pondering some potential cybersecurity applications for enclaves. One of them being the problem of password hashing. Some clients have enclave support, meaning part of their CPU can securely execute code in an encrypted and authenticated…
3 votes, 1 answer

Configuring Argon2id for Multiple Threads

We're using argon2-jvm to use Argon2id on our Java TCP Server. Because its argon2id instance is thread-safe, we plan to only create a single instance for the lifetime of our app and have each request handler call it whenever necessary (e.g. for new…
3 votes, 0 answers

Salt in argon2d as proof-of-work algorithm

I want to use argon2d as a proof-of-work algorithm. But as far as I know, I can't use the algorithm without a salt? Should I use a static salt for every task or generate a new one? Is it possible to increase algorithm performance when using a static salt? What…
NoTrust
2 votes, 0 answers

Is it possible to use Argon2id hashes with PAM?

I was wondering if it's possible to implement more secure KDFs like bcrypt, scrypt, pbkdf2 and argon2id in PAM authentication. Ideally I would like to have their hashes instead of SHA-512 ones directly in /etc/shadow, but we all know what Ulrich…
Polizi8
2 votes, 1 answer

Argon2id Configuration

I read an article about how to use Argon2id in C# here. Below is the code they wrote (slightly edited): using System; using System.Diagnostics; using System.Linq; using System.Security.Cryptography; using System.Text; using…