Argon2

In cybersecurity, there are many cases where you have a secret and need to derive something from it, along with a salt value. This involves taking a password and deriving either an encryption key of a fixed size or a hashed value. The problem is that GPUs allow for fast hashing and can thus often quickly crack a hashed version of a password. To overcome this, we often apply a number of rounds to the hashing process, such as with Bcrypt and PBKDF2 (Password-Based Key Derivation Function 2).

Unfortunately, GPU cores can still run the hashing process at a reasonable cost. To overcome cracking with GPUs, we can construct a computing method that requires a given amount of memory to complete the task. As each GPU core does not have much memory of its own, local memory is overloaded, which causes the GPU to slow down. This is known as being memory-hard and is implemented with Argon2.

Along with this, in areas such as cryptocurrency, we have applications where a given amount of computation (work) needs to be completed to perform a task. Again, we can use Argon2 to define the work requirements for the computation.

RFC 9106

Argon2 was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich, and is a key derivation function (KDF), where we can create hashed values of passwords, or create encryption keys based on a password. It was a winner of the Password Hashing Competition in July 2015, and is robust against GPU and side-channel attacks [paper]. It was integrated into OpenSSL 3.2.

It is now defined in RFC 9106, entitled “Memory-Hard Function for Password Hashing and Proof-of-Work Applications”, and is used for password hashing, key derivation and proof-of-work. The main variant is Argon2id, which is optimized for x86 architectures. It has two subvariants: Argon2d and Argon2i. Argon2d uses data-dependent memory access and is useful for cryptocurrencies and proof-of-work applications, where there are no threats from side-channel timing attacks. Alternatively, Argon2i uses data-independent memory access and can be used for password hashing and password-based key derivation (KDF).

Argon2 parameters

The main parameters used in Argon2, such as iterations, memcost and parallelism, are defined in Figure 1. A standard form is:

$argon2i$v=19$m=4096,t=2,p=4$salt$rZHPyRIa8XEvQ9rVqpvoibllLagNNGUeCNCmxeZfgBA

Here, v=19 identifies that we are using Argon2. The parameters are then defined in “m=4096,t=2,p=4”, where we have a Memory Cost of 4,096 bytes, a parallelism of 4, and iterations of 2. The salt, in this case, is “salt”, and the derived hash is “rZHPyRIa8XEvQ9rVqpvoibllLagNNGUeCNCmxeZfgBA”. Argon2 can also produce an output of a defined number of bytes (the digest size).
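The encoded form above can be split into its fields and checked against a minimum-parameter policy before a stored hash is accepted. This is an added example, not code from the original article or from asecuritysite.com; the names (parse, audit, Argon2Hash) and the policy floor, taken from RFC 9106's second recommended option, are assumptions.

```python
import base64
import re
from dataclasses import dataclass

# Assumed policy floor (not from the page): RFC 9106's second recommended
# option, Argon2id with t=3 and m=2^16. RFC 9106 counts m in KiB (64 MiB here).
MIN_M, MIN_T = 65536, 3

ENCODED = re.compile(r"\$(argon2id|argon2i|argon2d)\$v=(\d+)\$m=(\d+),t=(\d+),"
                     r"p=(\d+)\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)")

@dataclass
class Argon2Hash:
    variant: str
    version: int
    m: int
    t: int
    p: int
    salt_field: str   # kept as text, exactly as it appears in the string
    digest: bytes     # decoded tag; its length is the digest size

def parse(encoded: str) -> Argon2Hash:
    """Split an encoded Argon2 string into its fields, rejecting malformed input."""
    match = ENCODED.fullmatch(encoded)
    if match is None:
        raise ValueError("not an Argon2 encoded hash")
    variant, v, m, t, p, salt, tag = match.groups()
    # The tag is base64 without padding, so restore the padding before decoding.
    digest = base64.b64decode(tag + "=" * (-len(tag) % 4), validate=True)
    return Argon2Hash(variant, int(v), int(m), int(t), int(p), salt, digest)

def audit(h: Argon2Hash) -> list[str]:
    """Return the reasons a stored hash falls below the assumed policy floor."""
    findings = []
    if h.variant != "argon2id":
        findings.append(f"variant {h.variant}: RFC 9106 names Argon2id as primary")
    if h.version != 19:  # 19 is 0x13, the version number used in RFC 9106
        findings.append(f"unexpected version {h.version}")
    if h.m < 8 * h.p:
        findings.append("m is below 8*p, which RFC 9106 does not allow")
    elif h.m < MIN_M:
        findings.append(f"m={h.m} is below the floor of {MIN_M}")
    if h.t < MIN_T:
        findings.append(f"t={h.t} is below the floor of {MIN_T}")
    return findings

# The encoded string shown above on this page.
PAGE_HASH = "$argon2i$v=19$m=4096,t=2,p=4$salt$rZHPyRIa8XEvQ9rVqpvoibllLagNNGUeCNCmxeZfgBA"
```

Running audit(parse(PAGE_HASH)) reports the variant, memory cost and iteration count as below the floor, which is the signal to rehash that password with stronger parameters at the user's next login.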

Figure 1

The implementation of Argon2 using OpenSSL, C#, Rust, and Golang is given here:

https://asecuritysite.com/argon2/