argon2 – WindowsTechs.com

What are the risks of using password hashing algorithms like Argon2 or PBKDF2 in a JavaScript application [duplicate]

Posted on April 26, 2024 by Hman66

I’m wondering what are the risks of using password hashing algorithms like Argon2 or PBKDF2 in a JavaScript application.
I am wondering this because of the considerations of client-side execution, and the potential for an attacker to explo… Continue reading What are the risks of using password hashing algorithms like Argon2 or PBKDF2 in a JavaScript application [duplicate]→

Why does OWASP recommend only 1 degree of parallelism for Argon2id

Posted on April 24, 2024 by Jesse C. Slicer

Referencing this document, they give justifications for a number of their recommendations, but not any behind only going with 1 degree of parallelism for using Argon2id. Is there a reason why this is recommended that is unmentioned there?
… Continue reading Why does OWASP recommend only 1 degree of parallelism for Argon2id→

Algorithms when using client side hashing plus server side hashing

Posted on February 15, 2024 by shaniag

So if I got this right from my intense research, the following procedure would be preferrable:
Use the PBKDF2 key derivation function to derive a secret key from the users password on the client side.
Use the derived key, which was generat… Continue reading Algorithms when using client side hashing plus server side hashing→

Mixing argon2/HKDF to generate both password hash and encryption key?

Posted on October 20, 2023 by codestation

I am trying to use a user password in my application to both generate a password hash (for authentication) and to derive a secret key to encrypt user data.
Using argon2 is an expensive operation so i only want to call it only once when the… Continue reading Mixing argon2/HKDF to generate both password hash and encryption key?→

How should an argon2 hash be stored? [duplicate]

Posted on April 5, 2023 by Zack.B_

Given the following argon2 hash
$argon2id$v=19$m=65536,t=32,p=8$mJmKA5qamzXOPJZYw4wCEUKY$COkMH0RckaZ/3bhYCdCQjLuzoLKxcAmk4TzmHRRgTQ8
How should the hash be stored in a database? From the answers of this question it says you shouldn’t store… Continue reading How should an argon2 hash be stored? [duplicate]→

Argon2 is worse than bcrypt at runtimes < 1000 ms? [duplicate]

Posted on April 2, 2023 by ZiiMakc

While Argon2 seems to be recommended for password hashing, based on this twit Argon2 is worse than bcrypt at runtimes < 1000 ms.
Based on this answer:

You should tweak the parameters to your own use-case and performance
requirements, b… Continue reading Argon2 is worse than bcrypt at runtimes < 1000 ms? [duplicate]→

How long would it take to crack hashed password stored in plain sight?

Posted on March 24, 2023 by blairmunroakusa

I want to store a password hash in plain sight. If I am using a dictionary to crack an Argon2 hashed password that I am storing in plain sight, how long would it take (assuming my password is reasonably complex)? Further, are there any oth… Continue reading How long would it take to crack hashed password stored in plain sight?→

Argon2 password hashing in django [migrated]

Posted on December 5, 2022 by Testdev01

i noticed my django is hashing the passwords asargon2$argon2id$v=19$m=102400,t=2,p=8$salt$hash
according to Argon2 in browser
the encription is $argon2id$v=19$m=102400,t=2,p=8$salt$hash
if i try to match argon2$argon2id$v=19$m=102400,t=2,p… Continue reading Argon2 password hashing in django [migrated]→

What argon2id parameters should I adjust

Posted on October 9, 2022 by Kim Mỹ

I am currently running argon2id of hashing function with below parameters on my IphoneXS:
Iterations: 8, Memory: 64MB, Parallelism: 8, HashLength: 32,
These params allow hashing time to be less than 1s.
So is there a formula to calculate t… Continue reading What argon2id parameters should I adjust→

Practicality of outsourcing password hashing using enclaves

Posted on September 15, 2022 by Expectator

I’ve been pondering some potential cybersecurity applications for enclaves. One of them being the problem of password hashing.
Some clients have enclave support, meaning part of their CPU can securely execute code in an encrypted and authe… Continue reading Practicality of outsourcing password hashing using enclaves→