Winner of Password Hashing Competition Argon2 or again on slow hashing
Hi% username%!
Previously, we have already covered the topic of slowing down hashing. This was before the introduction of fast hash-crushers aka miners. As it turned out, the topic is much more serious than “scrolling a hash 100,500 times and mixing trash to it,” because the GPU and special devices dramatically speed up the brute force, which is difficult to fight even with such things as bcrypt.
And so, people beat down the competition , the result of which was to be an algorithm that is difficult to accelerate on special chips and GPUs, while it should be customizable depending on the wishes of the developer. This algorithm was Argon2 .
Argon2 allows you to configure the following hash options:
')
Also, Argon2 is available in two versions: Argon2i and Argon2d. The first one makes more passes through the memory and is slower, the second one is faster, but it has no protection against timing attacks, and it is also harder to select it on the GPU. If you are not sure, choose Argon2i.
The first is recommended for password hashing, the second is for cryptocurrencies, where timing attacks are not terrible.
The algorithm is optimized specifically for the x86 / x64 architecture, so it is extremely difficult to speed it up on ASIC / GPU and other iron pieces. Multiple memory runs are used, a huge scary matrix of hashes is formed inside, which depend on each other and are processed in a complex way.
If you want very technical details, then there is an official dock with matane and other calculations.
Bindings are also available for many popular languages ​​and platforms: Go, Haskell, JavaScript, JVM, Lua, OCaml, Python, Python, Ruby, Rust and C #.
The developers recommend choosing the parameters of the algorithm in such a way that the hashing takes about 0.5 seconds with the consumption of 2-4 GB of memory.
In general, the thing is cool, I think you need to implement it everywhere and everywhere. For example, there are already Coins based on Argon2. So far without a GPU and asic.
Previously, we have already covered the topic of slowing down hashing. This was before the introduction of fast hash-crushers aka miners. As it turned out, the topic is much more serious than “scrolling a hash 100,500 times and mixing trash to it,” because the GPU and special devices dramatically speed up the brute force, which is difficult to fight even with such things as bcrypt.
And so, people beat down the competition , the result of which was to be an algorithm that is difficult to accelerate on special chips and GPUs, while it should be customizable depending on the wishes of the developer. This algorithm was Argon2 .
Argon2 allows you to configure the following hash options:
')
- Number of iterations
- Desired memory
- Degree of parallelism
- Result size, in bytes
- The secret key
- Additional data
Also, Argon2 is available in two versions: Argon2i and Argon2d. The first one makes more passes through the memory and is slower, the second one is faster, but it has no protection against timing attacks, and it is also harder to select it on the GPU. If you are not sure, choose Argon2i.
The first is recommended for password hashing, the second is for cryptocurrencies, where timing attacks are not terrible.
The algorithm is optimized specifically for the x86 / x64 architecture, so it is extremely difficult to speed it up on ASIC / GPU and other iron pieces. Multiple memory runs are used, a huge scary matrix of hashes is formed inside, which depend on each other and are processed in a complex way.
If you want very technical details, then there is an official dock with matane and other calculations.
Bindings are also available for many popular languages ​​and platforms: Go, Haskell, JavaScript, JVM, Lua, OCaml, Python, Python, Ruby, Rust and C #.
The developers recommend choosing the parameters of the algorithm in such a way that the hashing takes about 0.5 seconds with the consumption of 2-4 GB of memory.
In general, the thing is cool, I think you need to implement it everywhere and everywhere. For example, there are already Coins based on Argon2. So far without a GPU and asic.
Source: https://habr.com/ru/post/281569/
All Articles