1. Argon2
Argon2 is more than just a password hashing algorithm.
It is a framework that offers flexibility through its variants, each tailored to a specific threat model.
Core Features
- Memory-hardness
Designed to consume significant amounts of memory, thwarting both time-memory trade-offs and hardware-based attacks.
- Parallelism
Supports parallel processing, making it efficient on multi-core systems.
Variants of Argon2
- Argon2d (data-dependent)
- Argon2i (data-independent)
- Argon2id (hybrid)
Argon2d (data-dependent)
- Memory Access Pattern
This variant is influenced by the password and the salt, leading to data-dependent memory access.
- Best Used
In scenarios where the environment is controlled and side-channel attack risks are minimal. It's especially efficient against GPU-based attacks.
Argon2i (data-independent)
- Memory Access Pattern
Designed for data-independent memory access, it aims to mitigate potential timing-based side-channel attacks.
- Best Used
For more sensitive operations or environments where side-channel attacks are a more significant concern.
Argon2id (hybrid)
- Memory Access Pattern
Starts with data-independent access (like Argon2i) but later transitions to data-dependent access (like Argon2d).
- Best Used
In general-purpose scenarios where there’s a need for a balanced approach.
2. Balloon Algorithm
Conceptualized by Dan Boneh, Henry Corrigan-Gibbs, and Stuart Schechter, the Balloon algorithm uses a memory buffer, known as the "tape," which requires sequential access.
Core Features
- Sequential Memory Access
This technique ensures adversaries can't compute hashes in parallel efficiently, adding to the memory-hard nature of the algorithm.
- State Mixing
The algorithm uses the password, salt, and a block counter to deterministically fill its buffer. Once filled, it then "mixes" or "stirs" this buffer a specified number of times to produce the final hash.
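The fill-then-mix structure described above, written out as an added example (not code from this post or from the Balloon authors). It follows the expand/mix/extract steps of the Balloon paper with SHA-256; the integer encoding and length-prefixing are this example's assumptions, so its output will not match any reference implementation.

```python
import hashlib
import hmac

DELTA = 3  # extra blocks mixed into each step (the value used in the Balloon paper)

def _h(cnt, *parts):
    """SHA-256 over a 64-bit counter and length-prefixed parts (encoding is an assumption)."""
    h = hashlib.sha256(cnt.to_bytes(8, "little"))
    for p in parts:
        h.update(len(p).to_bytes(8, "little") + p)
    return h.digest()

def balloon(password: bytes, salt: bytes, s_cost: int, t_cost: int) -> bytes:
    if s_cost < 1 or t_cost < 1:
        raise ValueError("s_cost and t_cost must be >= 1")
    cnt = 0
    # Expand: fill the buffer from the password, the salt and a running counter.
    buf = [_h(cnt, password, salt)]
    cnt += 1
    for m in range(1, s_cost):
        buf.append(_h(cnt, buf[m - 1]))
        cnt += 1
    # Mix: stir the whole buffer t_cost times.
    for t in range(t_cost):
        for m in range(s_cost):
            # Each block depends on its predecessor (buf[-1] wraps to the last block).
            buf[m] = _h(cnt, buf[m - 1], buf[m])
            cnt += 1
            for i in range(DELTA):
                # The index is derived from the salt and position only, never the password.
                idx = b"".join(x.to_bytes(8, "little") for x in (t, m, i))
                other = int.from_bytes(_h(cnt, salt, idx), "little") % s_cost
                cnt += 1
                buf[m] = _h(cnt, buf[m], buf[other])
                cnt += 1
    return buf[-1]  # Extract: the last block is the hash.

def verify(password, salt, s_cost, t_cost, expected):
    """Recompute with the stored salt and costs, then compare in constant time."""
    return hmac.compare_digest(balloon(password, salt, s_cost, t_cost), expected)

if __name__ == "__main__":
    salt = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample salt
    digest = balloon(b"correct horse", salt, s_cost=1024, t_cost=3)
    print(digest.hex(), verify(b"correct horse", salt, 1024, 3, digest))
```

Here `s_cost` is the buffer size in 32-byte blocks and `t_cost` is the number of mixing rounds; both must be stored alongside the salt so the hash can be recomputed at verification time.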
Balloon vs. Argon2
- Simplicity vs. Flexibility
Balloon is simpler with less configurability, which can be a strength or weakness depending on the application. Argon2, with its variants, offers more tailored solutions.
- Security against Side-Channel Attacks
Both Argon2i and Balloon are designed to resist side-channel attacks, but their methods differ. Argon2i uses data-independent memory access, while Balloon relies on sequential memory access and state mixing.
- Performance
Argon2's support for parallelism gives it a performance edge on multi-core systems compared to Balloon. However, the actual speed will always depend on the specific configuration and environment.
Recommendation
If you're seeking a solution with broader community support, extensive documentation, and adaptability, Argon2 (especially Argon2id) would likely be your best bet. It's been rigorously vetted and has become a standard in many security-conscious applications.
On the other hand, if you desire a more straightforward mechanism with an emphasis on sequential memory-hardness, the Balloon hashing algorithm is an excellent choice. However, it may not offer the same level of flexibility and parallel processing efficiency as Argon2.
In essence, neither is universally "better" than the other. The optimal choice is largely contingent on your specific application needs, the computational environment, and the primary threat vectors you're addressing.
Contact
ian.ilminmoon@gmail.com