 |
Argon2 is a key derivation function that was selected as the winner of the 2015 Password Hashing Competition.[1][2] It was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from the University of Luxembourg.[3] The reference implementation of Argon2 is released under a Creative Commons CC0 license (i.e. public domain) or the Apache License 2.0, and provides three related versions:
- Argon2d maximizes resistance to GPU cracking attacks. It accesses the memory array in a password dependent order, which reduces the possibility of time–memory trade-off (TMTO) attacks, but introduces possible side-channel attacks.
- Argon2i is optimized to resist side-channel attacks. It accesses the memory array in a password independent order.
- Argon2id is a hybrid version. It follows the Argon2i approach for the first half pass over memory and the Argon2d approach for subsequent passes. RFC 9106 recommends using Argon2id if you do not know the difference between the types or you consider side-channel attacks to be a viable threat.[4]
All three modes allow specification by three parameters that control:
- execution time
- memory required
- degree of parallelism
- ^ "Password Hashing Competition"
- ^ Jos Wetzels (2016-02-08). "Open Sesame: The Password Hashing Competition and Argon2". arXiv:1602.03097 [cs.CR].
- ^ Argon2: the memory-hard function for password hashing and other applications, Alex Biryukov, et al, October 1, 2015
- ^ Biryukov, Alex; Dinu, Daniel; Khovratovich, Dmitry; Josefsson, Simon (September 2021). "Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications". Retrieved September 9, 2021.