P-H-C / phc-winner-argon2

The password hash Argon2, winner of PHC

Same salt, pass? #325

Closed hayr-hotoca closed 2 years ago

hayr-hotoca commented 2 years ago

Hi, I want to generate a 256-bit key from a string (which acts as both pass and salt in this hashing algorithm) to use as a key in AES-256, like below:

```js
return await argon2.hash({
  time: 2,
  mem: 2**17,
  hashLen: 32,
  parallelism: 1,
  pass: str,
  salt: str,
});
```

Is the config above generating a secure key, and how much time will it take on an average present-day computer? Thanks!
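Added example, not part of the original thread or the Argon2 project's code: it compares the `salt: str` pattern from the question above with a random per-key salt, and uses the resulting 256-bit key for AES. Assumptions: Node's built-in scrypt stands in for Argon2id (so it runs without argon2-browser), AES-256-GCM is the cipher mode, and all function names are hypothetical.

```javascript
// scrypt is a stand-in KDF here (assumption); the effect of the salt choice
// is the same for Argon2id.
const crypto = require("node:crypto");

const KEY_LEN = 32; // 256-bit key for AES-256, as in the question

// Pattern from the question: the same string is both password and salt.
function deriveKeySaltEqualsPass(str) {
  return crypto.scryptSync(str, str, KEY_LEN);
}

// Random salt, generated once per key and stored next to the ciphertext.
// The salt is not secret; it only has to be unique.
function deriveKeyRandomSalt(pass, salt = crypto.randomBytes(16)) {
  return { salt, key: crypto.scryptSync(pass, salt, KEY_LEN) };
}

// Encrypt under the derived key; returns everything needed to decrypt later.
function encrypt(pass, plaintext) {
  const { salt, key } = deriveKeyRandomSalt(pass);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Re-derive the key from the stored salt; final() throws if the key is wrong.
function decrypt(pass, { salt, iv, ct, tag }) {
  const { key } = deriveKeyRandomSalt(pass, salt);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Constructed sample: two users who picked the same password.
function demo() {
  const pass = "hello world";
  const a = deriveKeySaltEqualsPass(pass);
  const b = deriveKeySaltEqualsPass(pass);
  const c = deriveKeyRandomSalt(pass);
  const d = deriveKeyRandomSalt(pass);
  return {
    sameKeyWhenSaltIsPass: a.equals(b), // one precomputed key fits both users
    sameKeyWithRandomSalt: c.key.equals(d.key), // each key needs its own guesses
    roundTrip: decrypt(pass, encrypt(pass, "secret note")),
  };
}
```

With `salt = pass`, a key computed once for a given password is valid for every user who chose that password; with a random salt, the same password yields a different key each time.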

ufukty commented 2 years ago

```
$ echo -n "hello world" | argon2 "salt123123" -id -t 2 -m 17 -l 32 -p 1
Type:       Argon2id
Iterations: 2
Memory:     131072 KiB
Parallelism:    1
Hash:       160177a5ff4d18dd95146c84bddddc1335156831abb2b053e0c20ea3e5843ab7
Encoded:    $argon2id$v=19$m=131072,t=2,p=1$c2FsdDEyMzEyMw$FgF3pf9NGN2VFGyEvd3cEzUVaDGrsrBT4MIOo+WEOrc
0.173 seconds <<<<<<<<<<<<<<<
Verification ok
```

Even if we say an average computer is half or a quarter as fast, it will be a very short period of time, although your settings comply with OWASP suggestions.

hayr-hotoca commented 2 years ago

Hi @ufukty, I use the same settings with argon2-browser and it takes approx. 2s to compute. That may be because of the browser. Can I increase the parallelism or decrease the memory to decrease the computing time? Thanks.

ufukty commented 2 years ago

Notice: I'm not a cryptography expert.

When an attacker gets your database of salts and hashes, they may want to prepare a rainbow table for top 10.000 passwords.

It will take 10.000 times x 173ms to calculate a rainbow table for each password. And if you use unique salts for each hash (you should), a rainbow table cannot be used for multiple hashes, so, they will need to create another one for each key.

Total time for creating all rainbow tables for n users' passwords for top 10.000 passwords is:

n x 10.000 x <calc time for one hash>

1000 users and 173ms of execution lead us to 20 days of try-fail process. Usage of ASICs can decrease that time, and all rainbow tables won't need to have all possibilities.

My major suggestion: check user inputs to see if they match the top 10.000 passwords, and don't allow users to pick those. This will help more than increasing execution time.

Trade-off: