Saturday, March 11, 2017

[duafaprv] Argon2i versus Argon2d

Use Argon2i when hashing passwords.  It provides resistance against side-channel attacks with which eavesdroppers could discover the secret password while it is being hashed.

Use Argon2d when hashing non-secrets, most famously for proof-of-work systems like cryptocurrencies (e.g., Bitcoin) and Hashcash.  It provides resistance against ASIC and GPU attacks.

If there are threats of both ASIC and side-channel attacks (arguably any attack against a hashed password), the conservative approach is to continue to use Argon2i.  Although Argon2i is weaker than 2d against ASIC and GPU, it is by no means weak.  Setting Argon2i's memory usage quite high will thwart ASIC and GPU attacks.

The more risky approach is the less-cryptanalyzed Argon2id.

No comments :