68 Hits in 3.8 sec

Argon2: New Generation of Memory-Hard Functions for Password Hashing and Other Applications

Alex Biryukov, Daniel Dinu, Dmitry Khovratovich
2016 2016 IEEE European Symposium on Security and Privacy (EuroS&P)  
We present a new hash function Argon2, which is oriented at protection of low-entropy secrets without secret keys.  ...  It requires a certain (but tunable) amount of memory, imposes prohibitive time-memory and computation-memory tradeoffs on memory-saving users, and is exceptionally fast on regular PC.  ...  The password hashing scheme scrypt [13] is an instance of such function. Memory-hard schemes also have other applications. They can be used for key derivation from low-entropy sources.  ... 
doi:10.1109/eurosp.2016.31 dblp:conf/eurosp/BiryukovDK16 fatcat:zzx5hvyganaq7nbusxyrted454

Argon2: The Secure Password Hashing Function

Aleena Theresa George, Dr. Juby Mathew
2021 Zenodo  
Argon2 is yet another hashing function that can outperform current hardware in terms of compute power.  ...  Argon2 addresses several important flaws in existing algorithms by being designed for the fastest memory filling rate and the most efficient usage of numerous processing units while still offering protection  ...  It summarises the state of the art in memory hard function design. It's a simple and basic design.  ... 
doi:10.5281/zenodo.5091700 fatcat:ux77hkqz7rh35c524uhacmeucm

Password-Hashing Status

George Hatzivasilis
2017 Cryptography  
The competition advanced our knowledge in password-hashing and enhanced a trend of memory-hard functions, applied by the winner and most of the honourable finalists.  ...  The international cryptographic community conducted the Password Hashing Competition (PHC) to identify new efficient and more secure password-hashing schemes, suitable for widespread adoption.  ...  Argon/Argon2 Optimized for security, efficiency, and clarity, Argon is a safe and memory-hard hash function. It operates as PHS, KDF, and for any other memory-demanding operation.  ... 
doi:10.3390/cryptography1020010 fatcat:klnw5tucinfwfoxwe5zlpsepwi

Egalitarian computing [article]

Alex Biryukov, Dmitry Khovratovich
2018 arXiv   pre-print
Based on existing schemes like Argon2 and the recent generalized-birthday proof-of-work, we suggest a generic framework and two new schemes: MTP, a memory-hard Proof-of-Work based on the memory-hard function  ...  MHE, the concept of memory-hard encryption, which utilizes available RAM to strengthen the encryption for the low-entropy keys (allowing to bring back 6 letter passwords).  ...  We also thank Zcoin project [5] for organizing the MTP bounty challenge and for partial funding of this work.  ... 
arXiv:1606.03588v2 fatcat:deazhh5s35cj7aeatig4dnqnny

Cryptanalytic time–memory trade-off for password hashing schemes

Donghoon Chang, Arpan Jati, Sweta Mishra, Somitra Kumar Sanadhya
2018 International Journal of Information Security  
These are called Memory hard designs. However, it is generally difficult to evaluate the "memory hardness" of a given PHS design.  ...  We also analyze these PHS for performance under various settings of time and memory complexities.  ...  Our Contribution: Most of the submissions of Password Hashing Competition [3] claim memory-hardness.  ... 
doi:10.1007/s10207-018-0405-5 fatcat:z4zsvcflyfa23bft7v6dvgj2km

[Preprint] Evaluation of Password Hashing Schemes in Open Source Web Platforms

Ntantogian Christoforos, Malliaros Stefanos, Xenakis Christos
2019 Zenodo  
The conjecture is that that the security status of the hashing schemes calls for changes with new security recommendations and updates to the default security settings.  ...  First, we formulate the cost time of password guessing attacks and next we investigate the default hashing schemes of popular CMS and web applications frameworks.  ...  Acknowledgement This work was supported in part by the FutureTPM project of Horizon H2020 Framework Programme of the European Union under GA number 779391, and by the H2020-MSCA-RISE-2017 SealedGRID project  ... 
doi:10.5281/zenodo.2633019 fatcat:3x7twt6h6fe53cgpsku4emtm3q

Itsuku: a Memory-Hardened Proof-of-Work Scheme [article]

Fabien Coelho, Arnaud Larroche, Baptiste Colin
2017 IACR Cryptology ePrint Archive  
The MTP-Argon2 PoW by Biryukov and Khovratovich is loosely based on the Argon2 memory-hard password hashing function. Several attacks have been published.  ...  The Itsuku proof size is typically 1 /16th of the initial scheme, while providing better memory hardness. We also describe high-end hardware designs for MTP-Argon2 and Itsuku.  ...  Beltaïfa and Pierre Jouvelot for proofreading; Wolfram Alpha for partial help with some formulae; Doubloon Skunkworks and Zcoin for support.  ... 
dblp:journals/iacr/CoelhoLC17 fatcat:myajbi6p4ncatlzul7g6kt5y64

Isilon Credential Vault: An Authentication Provider

Murumkar Prof. R.B., Sanket Kulkarni, Shushanth M.
2019 IJARCCE  
This paper explains insights on the multilevel security being implemented for the credential vault. Passwords in the system are stored as salted hashes.  ...  Also we aim to provide APIs for the system through which open source applications like Apache can make use of the authenticator to store credentials.  ...  The exchange of information further will be done by using asymmetric keys. Passwords are salted using randomised salt and hashed using memory hard, slow hashing functions like Argon 2i.  ... 
doi:10.17148/ijarcce.2019.8611 fatcat:rin4q6r55rf6zelafpfgypgefu

Towards Practical Attacks on Argon2i and Balloon Hashing

Joel Alwen, Jeremiah Blocki
2017 2017 IEEE European Symposium on Security and Privacy (EuroS&P)  
The algorithm Argon2i-B of Biryukov, Dinu and Khovratovich is currently being considered by the IRTF (Internet Research Task Force) as a new de-facto standard for password hashing.  ...  An older version (Argon2i-A) of the same algorithm was chosen as the winner of the recent • On a positive note, both the asymptotic and concrete security of Argon2i-B seem to improve on that of Argon2i-A  ...  Indeed, most of the entrants to recent Password Hashing Competition [PHC] which had the stated aim of finding a new password hashing algorithm, claimed some form of memory-hardness.  ... 
doi:10.1109/eurosp.2017.47 dblp:conf/eurosp/AlwenB17 fatcat:kmad5k6frne3latxs3rt5wayqa

Protecting accounts from credential stuffing with password breach alerting

Kurt Thomas, Jennifer Pullman, Kevin Yeo, Ananth Raghunathan, Patrick Gage Kelley, Luca Invernizzi, Borbala Benko, Tadek Pietraszek, Sarvar Patel, Dan Boneh, Elie Bursztein
2019 USENIX Security Symposium  
By alerting users to this breach status, 26% of our warnings result in users migrating to a new password, at least as strong as the original.  ...  Protecting accounts from credential stuffing attacks remains burdensome due to an asymmetry of knowledge: attackers have wide-scale access to billions of stolen usernames and passwords, while users and  ...  Acknowledgements We would like to thank Oxana Comanescu, Sunny Consolvo, Ali Zand, and our anonymous reviewers for their feedback and support in designing our breach alerting protocol.  ... 
dblp:conf/uss/ThomasPYRKIBPPB19 fatcat:66yciaf3efhebjq6peajtcdf5i

Making More Extensive and Efficient Typo-Tolerant Password Checkers

Enka Blanchard
2020 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)  
Chatterjee et al. recently introduced the first two typo-tolerant password checkers, their second being usable in practice while being able to correct up to 32% of typos, with no real security cost.  ...  As passwords remain the main online authentication method, focus has shifted from naive entropy to how usability improvements can increase security.  ...  That said, other cryptographic hash functions and PRNGs could be used if vulnerabilities were found in the ones mentioned.  ... 
doi:10.1109/compsac48688.2020.00-29 dblp:conf/compsac/Blanchard20 fatcat:cwrk6cb3ufaqbbarfblhv3nyqq

Balloon Hashing: A Memory-Hard Function Providing Provable Protection Against Sequential Attacks [chapter]

Dan Boneh, Henry Corrigan-Gibbs, Stuart Schechter
2016 Lecture Notes in Computer Science  
., with hundreds of cores) to attack Balloon and other memory-hard functions.  ...  Memory-hard functions require a large amount of working space to evaluate efficiently and, when used for password hashing, they dramatically increase the cost of offline dictionary attacks.  ...  for comments on early versions of this work.  ... 
doi:10.1007/978-3-662-53887-6_8 fatcat:suv2aimhkvcelggdqh45jmgfie

Symmetrically and Asymmetrically Hard Cryptography [chapter]

Alex Biryukov, Léo Perrin
2017 Lecture Notes in Computer Science  
We present for the first time a unified framework for describing the hardness of a primitive along any of these three axes: code-hardness, timehardness and memory-hardness.  ...  Whale is a code-hard hash function which could be used as a key derivation function and Skipper is the first asymmetrically time-hard block cipher.  ...  Acknowledgements We thank anonymous reviewers from S&P, USENIX and ASIACRYPT'17 for their helpful comments.  ... 
doi:10.1007/978-3-319-70700-6_15 fatcat:ppxfwa4pgfhpxlnycdbyx7mpna

Exploiting an HMAC-SHA-1 optimization to speed up PBKDF2

Andrea Visconti, Federico Gorla
2018 IEEE Transactions on Dependable and Secure Computing  
Interestingly, suggests that it is possible to precompute first message block of a keyed hash function only once, store such a value and use it each time is needed [43] .  ...  PBKDF2 [27] is a well-known password-based key derivation function.  ...  Although Argon2 is expected to be the password-based KDF of the next years, currently one of the most widely used functions is PBKDF2 [37] .  ... 
doi:10.1109/tdsc.2018.2878697 fatcat:3szuzg5cfjf7hh5npf4oq62i2i

Bandwidth Hard Functions for ASIC Resistance [chapter]

Ling Ren, Srinivas Devadas
2017 Lecture Notes in Computer Science  
Cryptographic hash functions have wide applications including password hashing, pricing functions for spam and denial-of-service countermeasures and proof of work in cryptocurrencies.  ...  The standard approach towards ASIC resistance today is through memory hard functions or memory hard proof of work schemes.  ...  Acknowledgements: The authors are grateful to Krzysztof Pietrzak, Joël Alwen and Jeremiah Blocki for valuable discussions.  ... 
doi:10.1007/978-3-319-70500-2_16 fatcat:unrob26zazdarb4pbnz6efgo6y
« Previous Showing results 1 — 15 out of 68 results