Cryptography

PBKDF2, BCrypt, SCrypt and Argon2

Easy
20 min

What is PBKDF2?

Cyber Security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.

Password-Based Key Derivation Function 2 (PBKDF2) is a security standard designed to enhance the security of passwords by converting them into long and complex keys using hash functions. PBKDF2 is a widely accepted method used for protecting passwords and deriving cryptographic keys.

It is not actually a hash function but a key derivation function used to create cryptographic keys from a password and a salt.

It can be used for both secure storage of passwords and derivation of cryptographic keys.

Operation principle of PBKDF2

PBKDF2 reinforces weak passwords through an iterative process. Its goal is to make key computation difficult, which slows down attackers' attempts to crack passwords through brute-force attacks or using rainbow tables.

Key Features:

  • Salt: PBKDF2 uses a salt, which is a random string added to the password before its processing. This prevents attackers from effectively using precomputed hashes and ensures that two same passwords result in different keys.
  • Iterations: The number of iterations used in the key derivation can be adjusted. The higher the number of iterations, the more secure the process is, but it also takes longer to complete. This balance effectively protects passwords from brute-force attacks while also providing usability.
  • Hash function: PBKDF2 can be combined with any hash function, such as SHA-256 or SHA-1. The choice affects the security of the final key and the computational complexity.

Uses of PBKDF2

The main purpose of PBKDF2 is to protect passwords when storing them. It converts weak passwords into computationally secure keys that can be safely stored in databases. In addition, it is widely used in the following applications:

  • Introduction to cryptographic keys: For example, encryption keys derived from the user's password.
  • Digital signature: To confirm the integrity and authenticity of the message.
  • VPN and other network authentication protocols: To improve user authentication in secure connections.

What is bcrypt?

BCrypt is a cryptographic hash function specifically designed for protecting passwords. It was developed by Niels Provos and David Mazières in 1999 and is based on the Blowfish cipher algorithm. The main feature of BCrypt is its ability to resist brute-force attacks by providing a scalable workload that makes it computationally expensive for attackers.

bcrypt Operational Principle

The core idea behind bcrypt's design is to slow down computation time. Unlike traditional hashing functions that are optimized for speed, bcrypt intentionally adds computational overhead. This is achieved by using "salt" and a workload factor that determines how many times the hashing function is executed.

Work factor

Work factor is a key feature of bcrypt. It allows adjusting the level of difficulty in calculations, which means that the difficulty of performing a hashing function can be increased over time as computational power grows. This makes bcrypt a long-term solution for protecting passwords.

Use cases for bcrypt

Bcrypt has become the industry standard for protecting passwords in web applications. Its popularity is based on its ability to provide strong security in a simple and efficient way. Modern web frameworks and programming languages offer ready-made tools based on bcrypt, making it easier to integrate into applications.

What is SCrypt?

SCrypt is a hashing function designed specifically for protecting passwords by providing high computational complexity and memory-intensive process. It was developed by Colin Percival in 2009, with the goal of creating a hashing mechanism that would be immune to brute-force attacks. SCrypt is now widely accepted and utilized method, which has found its place in both password protection and cryptocurrency mining.

SCrypt Technical Operation

SCrypt stands out from other hashing functions such as SHA-256 and bcrypt in terms of its unique computational complexity and memory usage. Its basic idea is to require a significant amount of memory during each hashing operation, making it both time and resource intensive to perform.

Key Features of SCrypt:

  • Memory intensiveness: SCrypt requires a large amount of RAM memory during its runtime, making it difficult to implement on hardware optimized only for computational power.
  • Adjustable computational complexity: Like PBKDF2 and bcrypt, SCrypt allows adjusting the computational difficulty level with parameters, but adds a memory requirement that makes it even more secure.

SCrypt Use Cases

Originally, SCrypt was developed to enhance the security of web services passwords by providing a mechanism that effectively protects against both online and offline attacks. Later, its use expanded into the world of cryptocurrencies, especially with Litecoin's choice of SCrypt as its mining mechanism due to its computational and memory-intensive nature.

Scrypt and Password Protection

Using SCrypt to protect passwords helps reduce the risk of passwords being cracked using massive computational power. Its memory-intensive nature makes it a particularly difficult target for attacks that attempt to exploit parallel computing.

Scrypt and Cryptocurrency Mining

The implementation of SCrypt in Litecoin and other cryptocurrencies was a response to the problems detected in Bitcoin mining, where ASIC devices began to dominate mining power. The memory-intensive nature of SCrypt made developing ASIC chips for mining more expensive and complex, which helped keep mining accessible to a wider audience.

What is Argon2?

The winner of the password hashing competition held in 2015, Argon2, is now at the forefront of password protection. Designed to meet the needs of the modern digital world, Argon2 offers improved security, efficiency, and flexibility. It has been developed to overcome the limitations of its predecessors (bcrypt and SCrypt), while providing strong protection against brute-force attacks and memory side-channel attacks.

Features of Argon2

Just like SCrypt, Argon2 is designed to take into account both computational power and memory requirements, making it both time and memory intensive. This feature makes it highly resistant to attacks, especially when the attacker has access to specialized hardware.

Argon2 - Memory Intensity and Adjustability

Unlike many previous hashing functions, Argon2 allows for adjusting memory usage, making it flexible in different application environments. This memory-intensive process is designed to prevent attacks that exploit parallel computing and specialized hardware, such as ASIC circuits.

Argon2 Versions

Argon2 contains three variants: Argon2d, Argon2i, and Argon2id, each optimized for different purposes.

  • Argon2d is designed to provide the strongest possible protection against side-channel attacks. It is ideal for applications where the attacker does not have physical access, such as databases located on remote servers. Argon2d's memory usage is data-dependent, making it a strong defense especially against offline attacks, such as rainbow tables.
  • Argon2i is designed to be resistant against side-channel attacks and it is best suited for applications where an attacker may gain physical access to the hardware. Its memory usage is independent, meaning it is designed to minimize the attack surface for side-channel attacks, such as timing and power-based attacks.
  • Argon2id is a hybrid model that combines the features of Argon2d and Argon2i, providing both side-channel attack protection and strong protection against offline attacks. In the first phase, it uses Argon2i's data-independent memory usage and then switches to Argon2d's data-dependent memory usage. This makes Argon2id a versatile solution that offers balanced protection against multiple types of attacks.

Task

Use CyberChef's PBKDF2 module and generate a cryptographic hash for the password "hakatemia" using the following settings:

  • Passphrase: hakatemia
  • Algorithm: sha512
  • Salt: tonttu (choose UTF8 in CyberChef)
  • Iterations: 1000

Note that in CyberChef's PBKDF2 module, the passphrase comes from the "Passphrase" field, so we are not using the "Input" value this time.

What is the result of the operation?

hakatemia pro

Ready to become an ethical hacker?
Start today.

As a member of Hakatemia you get unlimited access to Hakatemia modules, exercises and tools, and you get access to the Hakatemia Discord channel where you can ask for help from both instructors and other Hakatemia members.