Balloon hashing

April 16, 2024

Balloon hashing is a key derivation function presenting proven memory-hard password-hashing and modern design. It was created by Dan Boneh, Henry Corrigan-Gibbs (both at Stanford University) and Stuart Schechter (Microsoft Research) in 2016.^[1]^[2] It is a recommended function in NIST password guidelines.^[3]

The authors claim that Balloon:

has proven memory-hardness properties,
is built from standard primitives: it can use any standards non-space-hard cryptographic hash function as a sub-algorithm (e.g., SHA-3, SHA-512),
is resistant to side-channel attacks: the memory access pattern is independent of the data to be hashed,
is easy to implement and matches the performance of similar algorithms.

Balloon is compared by its authors with Argon2, a similarly performing algorithm.^[1]

Algorithm edit

There are three steps in the algorithm:^[1]

Expansion, where an initial buffer is filled with a pseudorandom byte sequence derived from the password and salt repeatedly hashed.
Mixing, where the bytes in the buffer are mixed time_cost number of times.
Output, where a portion of the buffer is taken as the hashing result.

References edit

^ ^a ^b ^c Boneh, Dan; Corrigan-Gibbs, Henry; Schechter, Stuart (2016-01-11). "Balloon Hashing: A Memory-Hard Function Providing Provable Protection Against Sequential Attacks". ePrint. 2016 (27). Retrieved 2019-09-03.
^ "Balloon Hashing". Stanford Applied Crypto Group. Stanford University. Retrieved 2019-09-03.
^ NIST SP800-63B Section 5.1.1.2

External links edit

Research prototype code on Github
Python implementation
Rust implementation
Alwen; Blocki (2016). "Efficiently Computing Data-Independent Memory-Hard Functions". ePrint. 2016 (115).
Alwen; Blocki (2016). "Towards Practical Attacks on Argon2i and Balloon Hashing". ePrint. 2016 (759).

April 16, 2024

balloon, hashing, derivation, function, presenting, proven, memory, hard, password, hashing, modern, design, created, boneh, henry, corrigan, gibbs, both, stanford, university, stuart, schechter, microsoft, research, 2016, recommended, function, nist, password. Balloon hashing is a key derivation function presenting proven memory hard password hashing and modern design It was created by Dan Boneh Henry Corrigan Gibbs both at Stanford University and Stuart Schechter Microsoft Research in 2016 1 2 It is a recommended function in NIST password guidelines 3 The authors claim that Balloon has proven memory hardness properties is built from standard primitives it can use any standards non space hard cryptographic hash function as a sub algorithm e g SHA 3 SHA 512 is resistant to side channel attacks the memory access pattern is independent of the data to be hashed is easy to implement and matches the performance of similar algorithms Balloon is compared by its authors with Argon2 a similarly performing algorithm 1 Algorithm editThere are three steps in the algorithm 1 Expansion where an initial buffer is filled with a pseudorandom byte sequence derived from the password and salt repeatedly hashed Mixing where the bytes in the buffer are mixed time cost number of times Output where a portion of the buffer is taken as the hashing result References edit a b c Boneh Dan Corrigan Gibbs Henry Schechter Stuart 2016 01 11 Balloon Hashing A Memory Hard Function Providing Provable Protection Against Sequential Attacks ePrint 2016 27 Retrieved 2019 09 03 Balloon Hashing Stanford Applied Crypto Group Stanford University Retrieved 2019 09 03 NIST SP800 63B Section 5 1 1 2External links editResearch prototype code on Github Python implementation Rust implementation Alwen Blocki 2016 Efficiently Computing Data Independent Memory Hard Functions ePrint 2016 115 Alwen Blocki 2016 Towards Practical Attacks on Argon2i and Balloon Hashing ePrint 2016 759 Retrieved from https en wikipedia org w index php title Balloon hashing amp oldid 1182493806, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.