MiloTheFox/argon2-with-rust
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
argon2-with-rust/README.md

99 lines
5.4 KiB
Markdown
Raw Permalink Normal View History

README.md aktualisiert
2024-09-07 13:23:36 +00:00
# Argon2 with Rust
This repository features an implementation of password hashing in Rust using the Argon2 algorithm. For those who are not familiar with this topic, password hashing is a way of securing user passwords by transforming them into a different format, which is then stored instead of the original password. For more information on this topic e.g. how it works and why it is so important for cyber-security, feel free to refer to these resources:
Initial commit
2024-09-07 11:29:34 +00:00
README.md aktualisiert
2024-09-07 13:23:36 +00:00
[Password Storage Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)
[What Salting has to do with Password Security](https://voleer.com/blog/what-salting-has-to-do-with-password-security)
[How does Hashing and Salting work?](https://www.tokenex.com/blog/ab-hashing-vs-salting-how-do-these-functions-work/)
### Keep in mind that this is a basic implementation and will most likely get updates every once in a while to maintain its performance and stability.
## Argon2
Argon2 is a modern password hashing algorithm that won the [Password Hashing Competition](https://www.password-hashing.net/) in 2015. It is designed to be resistant against brute-force and side-channel attacks by requiring a large amount of memory and time to compute the hash.
## Security and trade-offs of all 3 Argon2 variants
Argon2 has three variants: Argon2d, Argon2i and Argon2id. The main differences between them are:
| Variant | Resistance to GPU Cracking Attacks | Resistance to Side-Channel Attacks |
|---------|-----------------------------------|------------------------------------|
| Argon2d | High | Low |
| Argon2i | Low | High |
| Argon2id| Medium | Medium |
In general, Argon2id is recommended as the default choice for most applications. However, depending on your specific use case and security requirements, you may want to choose a different variant or adjust the parameters of the algorithm, such as the memory size, the number of iterations, and the degree of parallelism.
## Understanding the Attacks
Let's understand what the mentioned attacks actually are:
- A **Cache-Timing Attack** is a type of side-channel attack where an attacker gains information about a system by tracking cache access made by the victim system in a shared environment.
- A **Side-Channel Attack** is based on the fact that when cryptosystems operate, they cause physical effects, and the information from these effects can provide clues about the system.
- A **GPU-Based Attack** exploits the graphics processing unit (GPU) of a system.
Because I highly value your security and ask you to be **ABSOLUTELY CAUTIOUS** when using someone else's code, software etc. here are sources to refer to about how to protect yourself from the above mentioned attacks:
[Source related to Cache-Timing Attacks](https://link.springer.com/article/10.1007/s13389-020-00246-3)
[Source related to Side-Channel Attacks](https://techgenix.com/side-channel-attack/)
[Source related to GPU-Based Attacks](https://marksilberstein.com/wp-content/uploads/2020/02/gpuattack.pdf)
## How to run the code?
1. Note: **If you already have rust installed, skip this step**
Here are the necessary steps to get the Rust Compiler for the different Operating Systems Windows, MacOS or Linux:
## Keep in mind that this may change in the future!
**Windows**:
1. Install Visual Studio (recommended) or the Microsoft C++ Build Tools.
2. Install Rust from the Rust website. The website detects that you're running Windows, and it offers you 64- and 32-bit installers of the rustup tool for Windows.
3. Install the Microsoft C and C++ (MSVC) toolchain by running `rustup default stable-msvc`.
**MacOS**:
1. Open a terminal and enter the following command: `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh`.
2. Install a C compiler by running: `xcode-select --install`.
**Linux**:
1. Download the installation script with the curl command and run it in the terminal: `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh`.
2. Write your Rust program in a file with a `.rs` extension.
To actually run the code,
2. **Clone the Repository**: First, you need to clone the repository to your local machine. You can do this using Git with the following command:
```shell
git clone https://github.com/LunaTheFox20/rust-password-hashing.git
```
3. **Navigate to the Project Directory**: Use the `cd` (`chdir` if you use Linux or MacOS) command to navigate to the directory containing the project files:
- Windows:
```shell
cd rust-password-hashing
```
- MacOS & Linux
```shell
chdir rust-password-hashing
```
4. **Build the Project**: Use the Rust package manager, Cargo, to build the project. This will compile your code and create an executable file. Run the following command:
```shell
cargo build --release
```
The `--release` flag will build the project in release mode, with optimizations for performance.
5. **Run the Program**: Finally, you can run the program using Cargo with the following command:
```bash
cargo run --release
```
The program will then generate a specific amount of passwords. (For the length, I recommend at least 16 characters)
6. After the passwords have been generated, the program will return the generated hashes.
Reference in a new issue Copy permalink