Argon2

Argon2 is a key derivation function that was selected as the winner of the Password Hashing Competition in July 2015.^[1]^[2] It was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from University of Luxembourg.^[3] Argon2 is released under a Creative Commons CC0 license, and provides two related versions:

Argon2d maximizes resistance to GPU cracking attacks.
Argon2i is optimized to resist side-channel attacks.

Both allow specification by three parameters that control:

execution time
memory required
degree of parallelism

Cryptanalysis[edit]

While there is no public cryptanalysis applicable to Argon2d, there are two published attacks on the Argon2i function.

The first attack shows that it is possible to compute a single-pass Argon2i function using between a quarter and a fifth of the desired space with no time penalty, and compute a multiple-pass Argon2i using only $N$ / $e$ < $N$ /2.71 space with no time penalty.^[4] According to the Argon2 authors, this attack vector was fixed in version 1.3.^[5]

The second attack shows that Argon2i can be computed by an algorithm which has complexity O( $n$ ^7/4 log( $n$ )) for all choices of parameters $σ$ (space cost), $τ$ (time cost), and thread-count such that $n$ = $σ$ ∗ $τ$ .^[6] The Argon2 authors claim that this attack is not efficient if Argon2i is used with three or more passes.^[5] However, Joël Alwen and Jeremiah Blocki improved the attack and showed that in order for the attack to fail, Argon2i 1.3 needs more than 10 passes over memory.^[7]

External links[edit]

References[edit]

^ "Password Hashing Competition"
^ Jos Wetzels (2016-02-08). "Open Sesame: The Password Hashing Competition and Argon2" (PDF).
^ Argon2: the memory-hard function for password hashing and other applications, Alex Biryukov, et al, October 1, 2015
^ Henry Corrigan-Gibbs, Dan Boneh, Stuart Schechter (2016-01-14). "Balloon Hashing: Provably Space-Hard Hash Functions with Data-Independent Access Patterns" (PDF).
^ ^a ^b "[Cfrg] Argon2 v.1.3". www.ietf.org. Retrieved 2016-10-30.
^ Joel Alwen, Jeremiah Blocki (2016-02-19). "Efficiently Computing Data-Independent Memory-Hard Functions" (PDF).
^ Joël Alwen, Jeremiah Blocki (2016-08-05). "Towards Practical Attacks on Argon2i and Balloon Hashing" (PDF).

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

[1] "Password Hashing Competition"

[2] Jos Wetzels (2016-02-08). "Open Sesame: The Password Hashing Competition and Argon2" (PDF).

[3] Argon2: the memory-hard function for password hashing and other applications, Alex Biryukov, et al, October 1, 2015

[4] Henry Corrigan-Gibbs, Dan Boneh, Stuart Schechter (2016-01-14). "Balloon Hashing: Provably Space-Hard Hash Functions with Data-Independent Access Patterns" (PDF).

[:0-5] "[Cfrg] Argon2 v.1.3". www.ietf.org. Retrieved 2016-10-30.

[6] Joel Alwen, Jeremiah Blocki (2016-02-19). "Efficiently Computing Data-Independent Memory-Hard Functions" (PDF).

[7] Joël Alwen, Jeremiah Blocki (2016-08-05). "Towards Practical Attacks on Argon2i and Balloon Hashing" (PDF).

[1]

[2]

[3]

[4]

[5]

[6]

[7]

Argon2

Cryptanalysis[edit]

External links[edit]

References[edit]

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Interaction

Tools

Print/export

Languages