Towards practical attacks on Argon2i and balloon hashing Conference Paper


Author(s): Alwen, Joël; Blocki, Jeremiah
Title: Towards practical attacks on Argon2i and balloon hashing
Affiliation IST Austria
Abstract: The goal of key-stretching is to protect low-entropy secrets (e.g., passwords) against brute-force attacks. A good key-stretching algorithm should satisfy the properties that (1) an honest party can compute a single instance of the algorithm on standard hardware for a moderate cost, (2) the amortized cost of computing the algorithm on multiple instances on customized hardware is not (significantly) reduced. The first property ensures that it is possible for honest parties (who already know the secret) to execute the algorithm, while the later property ensures that it is infeasible for an adversary to execute a brute-force attack with millions/billions of different guesses for the user's secret. Key-stretching techniques like hash iteration (e.g., bcrypt) fail to achieve the later property as the cost of evaluating hash functions like SHA256 can be dramatically reduced by building Application Specific Integrated Circuits (ASICs).
Conference Title: EuroS&P: European Symposium on Security and Privacy
Conference Dates: April 26-28, 2017
Conference Location: Paris, France
Publisher: IEEE  
Date Published: 2017-07-03
Start Page: 142
End Page: 157
URL:
DOI: 10.1109/EuroSP.2017.47
Open access: yes (repository)
IST Austria Authors
  1. Joel Alwen
    13 Alwen
Related IST Austria Work