Argon2

Argon2 is a key derivation function that was selected as the winner of the Password Hashing Competition in July 2015.^[1]^[2] It was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from University of Luxembourg.^[3] Argon2 is released under a Creative Commons CC0 license, and provides two related versions:

Argon2d maximizes resistance to GPU cracking attacks.
Argon2i is optimized to resist side-channel attacks.

Both allow specification by three parameters that control:

execution time
memory required
degree of parallelism

Cryptanalysis

While there is no public cryptanalysis applicable to Argon2d, there are two published attacks on the Argon2i function.

The first attack shows that it is possible to compute a single-pass Argon2i function using between a quarter and a fifth of the desired space with no time penalty, and compute a multiple-pass Argon2i using only $N$ / $e$ < $N$ /2.71 space with no time penalty.^[4] According to the Argon2 authors, this attack vector was fixed in version 1.3.^[5]

The second attack shows that Argon2i can be computed by an algorithm which has complexity O( $n$ ^7/4 log( $n$ )) for all choices of parameters $σ$ (space cost), $τ$ (time cost), and thread-count such that $n$ = $σ$ ∗ $τ$ .^[6] The Argon2 authors claim that this attack is not efficient if Argon2i is used with three or more passes.^[5] However, Joël Alwen and Jeremiah Blocki improved the attack and showed that in order for the attack to fail, Argon2i 1.3 needs more than 10 passes over memory.^[7]

External links

References

^ "Password Hashing Competition"
^ "Open Sesame: The Password Hashing Competition and Argon2" (PDF). 2016-02-08. {{cite journal}}: Cite journal requires |journal= (help); Cite uses deprecated parameter |authors= (help)
^ Argon2: the memory-hard function for password hashing and other applications, Alex Biryukov, et al, October 1, 2015
^ "Balloon Hashing: Provably Space-Hard Hash Functions with Data-Independent Access Patterns" (PDF). 2016-01-14. {{cite journal}}: Cite journal requires |journal= (help); Cite uses deprecated parameter |authors= (help)
^ ^a ^b "[Cfrg] Argon2 v.1.3". www.ietf.org. Retrieved 2016-10-30.
^ "Efficiently Computing Data-Independent Memory-Hard Functions" (PDF). 2016-02-19. {{cite journal}}: Cite journal requires |journal= (help); Cite uses deprecated parameter |authors= (help)
^ "Towards Practical Attacks on Argon2i and Balloon Hashing" (PDF). 2016-08-05. {{cite journal}}: Cite journal requires |journal= (help); Cite uses deprecated parameter |authors= (help)

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

[1] "Password Hashing Competition"

[2] "Open Sesame: The Password Hashing Competition and Argon2" (PDF). 2016-02-08. {{cite journal}}: Cite journal requires |journal= (help); Cite uses deprecated parameter |authors= (help)

[3] Argon2: the memory-hard function for password hashing and other applications, Alex Biryukov, et al, October 1, 2015

[4] "Balloon Hashing: Provably Space-Hard Hash Functions with Data-Independent Access Patterns" (PDF). 2016-01-14. {{cite journal}}: Cite journal requires |journal= (help); Cite uses deprecated parameter |authors= (help)

[:0-5] "[Cfrg] Argon2 v.1.3". www.ietf.org. Retrieved 2016-10-30.

[6] "Efficiently Computing Data-Independent Memory-Hard Functions" (PDF). 2016-02-19. {{cite journal}}: Cite journal requires |journal= (help); Cite uses deprecated parameter |authors= (help)

[7] "Towards Practical Attacks on Argon2i and Balloon Hashing" (PDF). 2016-08-05. {{cite journal}}: Cite journal requires |journal= (help); Cite uses deprecated parameter |authors= (help)

[1]

[2]

[3]

[4]

[5]

[6]

[7]