How to improve user password security with Argon2?
Even the best digital products are at risk of cyber attacks and while a strong password can help with protecting your digital assets, it’s not a foolproof method. Learn how to use the Argon2 algorithm to prevent passwords from being cracked.
Table of contents
What is Argon2?
Argon2 is a cryptographic algorithm that allows you to store your entries safely. Argon2 is dedicated to password encryption and doesn’t have any uses apart from that. It’s a modern algorithm that allows you to choose which protection you want to apply, be it resistance to GPU attacks, side-channel attacks, or even both. In July 2015, Argon2 entered and won the Password Hashing Competition — and has remained a top algorithm ever since.
What modes does Argon2 algorithm have?
To generate passwords, Argon2 algorithm uses three parameters: time, memory, and threads. Each of them is customizable, depending on your needs and your machine resources, but you should also adjust the values depending on server capabilities. There are three types of Argon:
- Argon2i - built for resistance to side-channel attacks
- Argon2d - built for protection from GPU cracking attacks
- Argon2id - a hybrid of the above two
Argon2 and other password hashing algorithms
In my opinion, a big advantage of Argon2 is the option to choose between modes of protection. Other algorithms don’t have that flexibility. Let’s take a look at bcrypt which is currently one of the most used algorithms for password encryption.
Argon2 vs. bcrypt
bcrypt uses cost and salt. Cost is the amount of time for the CPU used to create the hash. Let’s assume that your salt has been exposed and leaked. You’re still kinda safe. Why? It’s because the cost’s value is still a secret.
Creating a brute force attack with a couple of cost options is still a threat, but would require a lot of resources. Most brute force attacks use so-called rainbow tables, which are pre-generated tables with frequently-used passwords. Just don’t use values under 10 for the cost, as the password has its limitations, namely 72 characters limit. The only drawback to using bcrypt? It’s vulnerable to side-channel attacks.
Argon2 vs. scrypt
Scrypt is similar to Argon2, in the way that it requires time, memory and threads to compute. It also requires much more memory compared to bcrypt. You can find scrypt being used in cryptocurrency projects like Litecoin or Dogecoin - which are Elon Musk’s personal favorites (see more about Tesla app security).
The output hash served by scrypt is always unique, which by itself is a good enough reason to use it in cryptography. To crack it with hardware brute force would be about a couple of thousand times harder than cracking a bcrypt password. Unfortunately, scrypt wasn’t designed to be a password hashing algorithm, and is vulnerable to GPU password cracking.
Benefits of Argon2 password hashing
The biggest benefit of Argon2 encription is there is no need to compromise on security nor speed. The availability of customization it’s no wonder that this algorithm is recommended by the OWASP Foundation.
I have noticed that the cryptography world is torn between GPU cracking and side-channel attacks. Obviously, there are other types of attacks, but we should be particularly aware of those that carry a risk of password cracking. In my opinion, the Argon2 algorithm is the best solution to that, because you never know just how hackers will attack you. I believe that in web development, side-channel attacks are rarely a danger. There is always a risk that a hacker can take control of your server and prepare a cache attack, timing attack, or power-monitoring attack. However, hashing algorithms will not fix all issues, since app security depends on its weakest link, like a badly secured server.
Argon2 in PHP
Basic support for Argon2i is available in PHP 7.2 and the following version (PHP 7.3) comes with Argon2id. Here is an example code to generate hash the password:
password_hash(‘password’, PASSWORD_ARGON2ID, \['memory_cost' => 957, 'time_cost' => 5, 'threads' => 1]);\
Here is an example output from that function:
$argon2id$v=19$m=957,t=5,p=1
$aS4vM00xQjdJeXFxbHE3SA$InoXzAoGq7W6j40bm25Jb4R/aVy+xA2aWrbXOASEs3E
Only the hash part should be saved into the database. You don’t want to help the attacker to know how you encrypted the passwords.
$aS4vM00xQjdJeXFxbHE3SA$InoXzAoGq7W6j40bm25Jb4R/aVy+xA2aWrbXOASEs3E\
Most of us would probably consider adding salt into the password and hash it. Do you really need that? The answer is: you don’t. The PHP core written in C already handles adding random salt into your password. It generates the salt after calling the password_hash function. The salt is generated and added into the hash. You might see the $ character in the output hash.
Argon2 hashing in different languages
Many other languages have already implemented Argon2: be it Java, Node.JS, Python, Go, or C#. The implementation might be familiar to PHP - with salt being the only exception. Some languages might have an option to specify the length of the generated hash.
Migrate current solutions to Argon2
Migrating a password can be done in two ways: with or without notifying the user that they are required to generate a new password.
Notifying your user might force them to set up a new password, which not everyone will be happy about, but will still do it for the sake of security. This is the best course of action, if you’re using bcrypt or scrypt and you want to migrate to Argon2. There is no point in rehashing bcrypt passwords into Argon2 - doing so will not improve security and requires more resources to crack.
Migrating the password without notifying the user is only recommended if you are using MD5, SHA-1, or some basic hashing algorithm. Generating these hashes is both easy and doesn’t require a lot of resources. This can also be true if you decide to migrate those hashes - depending on your database size. Remember, that you should not be migrating this way if you have more than one hash algorithm: adding another one would make your job even more difficult.
Conclusions
In my opinion, Argon2 is the best password hashing algorithm available. What I like about it is that it’s customizable and offers different types of protection to choose from. After all, we are entering the era of quantum computing, where breaking SHA-1 (even with the salt) is going to be easier than ever - and Argon2 can help you prevent that.
Share this article: