Saturday, March 11, 2017

[duafaprv] Argon2i versus Argon2d

Use Argon2i when hashing passwords.  It provides resistance against side channel attacks with which eavesdroppers could discover the password while it is being hashed.

Use Argon2d when hashing non-secrets, most famously for proof-of-work systems like cryptocurrencies (e.g., Bitcoin) and Hashcash.  It provides resistance against ASIC and GPU attacks.

The tricky case is when there are threats of both side-channel and ASIC attacks (arguably any attack against a hashed password).  The conservative approach is simply Argon2i with more memory and more rounds.  The more risky approach is the less-cryptanalyzed Argon2id.

No comments :