Collaborate Disseminate
I am currently running argon2id of hashing function with below parameters on my IphoneXS:
Iterations: 8, Memory: 64MB, Parallelism: 8, HashLength: 32,
These params allow hashing time to be less than 1s.
So is there a formula to calculate t… Continue reading What argon2id parameters should I adjust
I’ve been pondering some potential cybersecurity applications for enclaves. One of them being the problem of password hashing.
Some clients have enclave support, meaning part of their CPU can securely execute code in an encrypted and authe… Continue reading Practicality of outsourcing password hashing using enclaves
I plan to use it locally on mobile devices. These seems to do not offer computational power as good as on a server.
So what could be a secure argon2id parameters that run around 1s since offline apps should also be friendly too?
First I am very bad in cryptographic algorithms.
I found online that Argon2 is more secure than SHA-512, so I used it for password hashing.
There’re recommended options for Argon2:
Memory: 4Gb
Iterations: 4 or more
On my ancient server i… Continue reading Argon2 vs SHA-512, what’s better in my case?
I need to create WebSocket authentication mechanism without using ticketing, so the whole authentication needs to be performed via HTTP (over SSL) GET request which is sent to upgrade connection to WebSocket (code snippet used to handle up… Continue reading Does sending hashed password over url path parameter secure?
The common advice of benchmarking a password hashing algorithm and choosing the slowest acceptable cost factor doesn’t work for algorithms with more than one parameter: adding a lot of iterations at the expense of memory hardness makes the… Continue reading Since GPUs have gigabytes of memory, does Argon2id need to use gigabytes of memory as well in order to effectively thwart GPU cracking?
I have a background in web app development and I’m trying to up my security game but there are some things that I find confusing.
Like how does memory-hard hashed passwords protect against brute force attacks? Let’s assume I have a webapp … Continue reading How does memory-hard hashing passwords protect against brute force attacks?
Not sure if things belongs in Crypto SE or here but anyway:
I’m building an app and I’m trying to decide whatever is secure to protect user passwords in transit, in addition to TLS we already have.
In server side, we already have bcrypt pr… Continue reading Is using Argon2 with a public random on client side a good idea to protect passwords in transit?
I was wondering if it’s possible to implement more secure KDF like bcrypt, scrypt, pbkdf2 and argon2id in PAM authentication.
Ideally I would like to have their hashes instead of SHA-512 ones directly in /etc/shadow, but we all know what U… Continue reading Is it possible to use Argon2id hashes with PAM?
Summary
trying to implement password hashing using Argon2 in C#
I have already tried searching, and can’t find this specific issue. Nor does there seem to be a lot of good (easy for me to interpret?) examples for C# Argon2 (please let me … Continue reading C# Isopoh Argon2 Implementation hash does not verify