Argon2 vs SHA-512: Password Security

TL;DR

For storing passwords, always use Argon2. SHA-512 is far too fast and vulnerable to cracking attacks even with salting. Argon2 is specifically designed to be slow and memory-intensive, making it much harder for attackers.

Understanding the Problem

You’re right to question which hashing algorithm to use! Both Argon2 and SHA-512 can create a ‘hash’ from your passwords, but they do so in very different ways. SHA-512 is an older algorithm originally designed for general data integrity – not specifically password storage. Argon2 is a modern key derivation function (KDF) built to resist attacks targeting password databases.

Why SHA-512 Isn’t Good Enough

1. Speed: SHA-512 is very fast. This sounds good, but it means attackers can try billions of passwords per second using readily available hardware (like GPUs).
2. Susceptible to Brute-Force Attacks: Because it’s so quick, brute-force and dictionary attacks are highly effective against SHA-512 hashes, even when you add a ‘salt’. A salt makes each password hash unique but doesn’t fundamentally slow down the cracking process enough.
3. Lack of Adaptive Security: SHA-512’s computational cost is fixed. As computing power increases, it becomes easier to crack.

Why Argon2 Is Better

1. Designed for Passwords: Argon2 was created specifically to resist password cracking attacks.
2. Memory Hardness: Argon2 requires a significant amount of memory during the hashing process. This makes it expensive and difficult to parallelise on GPUs, which are commonly used in attacks.
3. Time Cost Parameter: You can configure Argon2 to take longer to compute, increasing security at the cost of performance.
4. Adaptive Security: The time cost parameter allows you to increase the hashing difficulty over time as hardware improves.

Argon2 Variants

There are three main Argon2 variants:

• Argon2d: Best for resisting GPU cracking attacks, uses data-dependent memory access. Generally the best choice if you’re unsure.
• Argon2i: Designed to resist side-channel attacks (e.g., timing attacks). Good for situations where an attacker has significant control over the execution environment.
• Argon2id: A hybrid approach combining Argon2d and Argon2i, offering a good balance of security features. Recommended if you need protection against both GPU cracking and side-channel attacks.

Implementing Argon2 (Example using Python)

This example uses the passlib library in Python. You’ll need to install it first: pip install passlib

from passlib.hash import argon2_id

pwd = "mysecretpassword"

salt = argon2_id.generate_salt()
hashed_pwd = argon2_id.hash(pwd, salt=salt)

print(f"Salt: {salt}")
print(f"Hashed Password: {hashed_pwd}")

# Verification example:
if argon2_id.verify(pwd, hashed_pwd):
    print("Password matches!")
else:
    print("Password does not match.")

Configuration Parameters

When using Argon2, you need to configure the following parameters:

• time_cost: The number of iterations. Higher values increase security but also hashing time (default is usually good).
• memory_cost: The amount of memory used in kilobytes (KB). Higher values increase security and resistance to GPU attacks.
• parallelism: The number of parallel threads. This can improve performance on multi-core systems, but be careful not to set it too high as it can consume excessive resources.

Example configuration:

hashed_pwd = argon2_id.hash(pwd, salt=salt, time_cost=3, memory_cost=1024 * 16, parallelism=2)

Summary

1. Don’t use SHA-512 for password storage.
2. Use Argon2 (Argon2id is a good default choice).
3. Configure the time_cost, memory_cost and parallelism parameters appropriately. Start with reasonable defaults and increase them as needed based on your performance requirements and security needs.