[wp-trac] [WordPress Trac] #39499: Migrate Password Hashing from 8192 rounds of salted MD5 to Argon2i v1.3
WordPress Trac
noreply at wordpress.org
Fri Jan 6 20:44:40 UTC 2017
#39499: Migrate Password Hashing from 8192 rounds of salted MD5 to Argon2i v1.3
------------------------------------------+------------------------------
Reporter: paragoninitiativeenterprises | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
------------------------------------------+------------------------------
Comment (by paragoninitiativeenterprises):
> Last question: Can you talk about your choice of Argon2i over Argon2d?
Keep in mind your audience includes non-infosec and non-crypto people.
To be clear: This was the libsodium choice, not one of my own design.
Argon2d is great for offline devices (e.g. generating your Bitcoin private
key from a password and salt). Argon2i is better for interactive use (i.e.
password validation in a web application).
Formally: Argon2d uses memory-dependent addressing to make it harder to
crack on a GPU. Argon2i uses memory-independent addressing, to resist
timing attacks.
With Argon2d: Which bytes are used in the next step depend entirely on the
output of the current step. It's expensive to attempt to reproduce the
execution path without using a ton of memory.
With Argon2i: The time it takes to hash a password doesn't vary depending
on the input. It doesn't leak information through side-channels.
Cache-timing side-channels matter on software that communicates over the
Internet. That makes Argon2i a more conservative choice.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39499#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list