What is Argon2?
Argon2 is a cryptographic algorithm that won the Password Hashing Competition in July 2015. This competition was designed to select a hash algorithm to be recognized as a globally accepted standard for password hashing. More specifically, Argon2 is a key derivation function (KDF) designed to be GPU-resistant. Understanding how passwords work, what a KDF is, and why GPU resistance is relevant is vital to understanding the value of Argon2.
A Brief History of Password Management
A while back, developers decided that storing passwords in plaintext was a bad idea. If an attacker - or a malicious user - gained access to the password file, they would have access to all of the user accounts. Instead, computers and applications stored password hashes rather than the password itself. A password hash is the result of sending a password through a hash function, which has a few useful properties. These are determinism (hashing a value has the same result every time), collision resistance (it is infeasible to find two hash function inputs that produce the same output), and the fact that a hash function is a one-way function (it isn’t possible to derive the input to a hash function from the output it produces).
With hash functions, developers could create an authentication system that doesn’t reveal user passwords. Instead of comparing a user-submitted password to a stored version, they stored and compared password hashes. This kept the system usable while concealing each user’s password.
Under this scheme, the best way for an attacker to break the system is to guess the password. This could be accomplished using a dictionary attack (if the user has a weak password) or via a brute-force search. The security of the system comes down to the fact that guessing the right password takes too long for an attacker.
Key Derivation Functions
This system is secure in theory, but has a few issues in practice: people choose weak passwords and computers keep getting faster. This is where key derivation functions (KDFs) come into play.
A KDF is an algorithm that is designed simply to make a password guessing attack more time-consuming for an attacker. Instead of performing a single hash calculation to derive the “key” (the values compared by the system) from the user’s password, multiple operations are performed. This often includes running the same hash function many times, feeding the previous round’s output in as the input of the next round.
By making each test take longer, a KDF makes even weak passwords harder to guess. A KDF that takes 10x as long as a single hash calculation makes a password guessing attack take 10x as long as well. Additionally, most KDFs allow the user to change the number of iterations to run, enabling them to increase the runtime to 10x, 100x, 1000x, etc.
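The iterated-hash construction described above, as an added Python sketch (not code from the original article, and not Argon2 itself). The function names, the SHA-256 choice, the 16-byte per-user salt and the default of 100,000 iterations are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

def stretch(password: str, salt: bytes, iterations: int) -> bytes:
    """Hash salt+password, then re-hash the previous output iterations-1 times."""
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    for _ in range(iterations - 1):
        # Each round's output is the next round's input.
        digest = hashlib.sha256(digest).digest()
    return digest

def make_record(password: str, iterations: int = 100_000) -> dict:
    """What the system stores: salt, work factor and derived key, never the password."""
    salt = os.urandom(16)  # assumption: a random salt per user (not covered in the text)
    return {"salt": salt, "iterations": iterations,
            "key": stretch(password, salt, iterations)}

def verify(password: str, record: dict) -> bool:
    """Re-derive with the stored parameters and compare in constant time."""
    candidate = stretch(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["key"])

def seconds_per_guess(iterations: int) -> float:
    """Wall-clock cost of testing one candidate password at this work factor."""
    start = time.perf_counter()
    stretch("candidate", b"\x00" * 16, iterations)
    return time.perf_counter() - start

if __name__ == "__main__":
    record = make_record("correct horse battery staple")  # constructed sample password
    print(verify("correct horse battery staple", record), verify("password1", record))
    for n in (1_000, 10_000, 100_000):
        print(f"{n:>7} iterations: {seconds_per_guess(n):.4f} s per guess")
```

Running it prints the time per guess at each work factor, which grows roughly in step with the iteration count.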
Argon2 is an example of a KDF, but it also has another useful property: GPU resistance. This property is also designed to help slow down password guessing attacks.
Graphics Processing Units (GPUs) are optimized to perform certain operations very quickly. As their name suggests, they were originally designed for graphics processing, but they are also very good at performing the hash calculations used in KDFs. By running password cracking code on a GPU instead of a CPU, an attacker can crack a password many times more quickly.
However, GPUs have one major limitation: the amount of memory that they can use. A GPU has optimized access to a small pool of memory that enables it to perform its rapid calculations. However, if it needs more memory than this small cache, it is no faster than a CPU (accessing a computer’s other memory is slow).
Argon2 is an example of a KDF that takes advantage of this limitation by deliberately using more memory than a GPU has built-in. By doing so, it protects against password guessing because an attacker can’t take full advantage of the greater processing speed of GPUs in their attack.
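The memory requirement described above, as an added Python example (not code from the original article). Python's standard library has no Argon2, so this uses scrypt, a different memory-hard KDF available as `hashlib.scrypt`, as a stand-in; the function names, the `r=8, p=1` settings and the memory budgets are assumptions chosen for illustration.

```python
import hashlib

MIB = 1024 * 1024

def scrypt_memory_bytes(n: int, r: int = 8) -> int:
    """Size of scrypt's main working buffer: 128 * n * r bytes."""
    return 128 * n * r

def derive(password: bytes, salt: bytes, n: int, budget_bytes: int):
    """Derive a 32-byte key using at most budget_bytes of memory.

    Returns None when the budget is smaller than the cost parameter n
    demands. The budget models the fast memory available per guess.
    """
    try:
        return hashlib.scrypt(password, salt=salt, n=n, r=8, p=1,
                              maxmem=budget_bytes, dklen=32)
    except ValueError:
        # OpenSSL refuses to run when the memory limit is below the requirement.
        return None

if __name__ == "__main__":
    password = b"correct horse battery staple"   # constructed sample
    salt = bytes(range(16))                       # constructed sample, fixed for the demo
    for n in (2**10, 2**14):
        need = scrypt_memory_bytes(n) // MIB
        for budget in (8 * MIB, 64 * MIB):
            key = derive(password, salt, n, budget)
            status = key.hex()[:16] + "..." if key else "refused: not enough memory"
            print(f"n=2^{n.bit_length() - 1} needs ~{need} MiB, "
                  f"budget {budget // MIB} MiB -> {status}")
```

Raising the cost parameter from 2^10 to 2^14 moves the requirement from about 1 MiB to about 16 MiB, so the 8 MiB budget that worked before is no longer enough for a single guess.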
How Does Argon2 Help to Protect Data?
Argon2 helps to protect your data because your password is your data’s primary line of defense. If data is encrypted (e.g. in an end-to-end encrypted messaging application), then the encryption key used to protect the data is one derived from your password using a KDF like Argon2. If an attacker has your password, they can calculate your encryption key and decrypt your data.
Argon2 makes it harder for an attacker to get your password. Unless you give the attacker your password (via a phishing attack or similar), the best way for them to get it is to guess it. By making this guessing process slower and more time-consuming, Argon2 decreases the probability that an attacker will succeed in guessing your password before they give up.
Security Is Only As Strong As the Weakest Link
When evaluating the security of an encrypted messaging app or other encrypted data storage solution, it is common to focus on the encryption algorithm. If an application isn’t using a strong encryption algorithm (like AES), then it is possible that an attacker can break the encryption and read your data without knowing the secret key.
However, just using a strong encryption algorithm isn’t enough for security. If an attacker can guess your password, they can access your data regardless of the encryption algorithm used to protect it. For this reason, it is also important to check that an application uses a strong KDF like Argon2 to protect against password guessing attacks.