Support for Balloon Hashing

Question

Support for Balloon Hashing

Closed this issue 7 months ago · 10 comments

Balloon hashing (Wikipedia), is similar to Argon2, which has proven memory-hardness properties. But it claims to match the performance of similar algorithms. It seems easy to implement. And it is recommended by NIST password guidelines.

There are Rust and Python implementations for references.

Balloon actually wraps existing hash functions, so we may need a generic type over MessageDigest for any standards non-space-hard cryptographic hash function.

Answer 1 · 2023-09-21T15:43:42.000Z

Hi @Colerar,

thank you for your interest in the project!

I'm reviewing the paper and the implementations you provided and see if there is any industry standard.

Answer 2 · 2023-10-04T09:11:46.000Z

@firaja any news? When will it get implemented?

Answer 3 · 2023-10-04T12:00:17.000Z

Hi @BigPanda97 the implementation is in progress.
Unfortunately I can work on it only during free time 🤕

Answer 4 · 2023-10-04T12:37:13.000Z

Unfortunately I can work on it only during free time 🤕

That's absolutely okay, but nice to hear that it will get implemented. 😊

Answer 5 · 2023-10-09T07:06:35.000Z

Hi @Colerar @BigPanda97,

in this branch you can find a preview version of Balloon Hashing: https://github.com/Password4j/password4j/tree/bal
This is the PR: #132

If you can test it along with the implementation you are using it would be great.

Here a quick usage guide for mono thread version (parallelism = 0)

// parameters:
// - algorithm name
// - space cost
// - time cost
// - parallelism
// - delta
BalloonHashingFunction balloonHashingFunction = BalloonHashingFunction.getInstance("SHA-256", 16, 20, 0, 4);
 
Hash hash = Password.hash("buildmeupbuttercup").addSalt("JqMcHqUcjinFhQKJ").with(balloonHashingFunction);

hash.getResult(); // 2ec8d833db5f88e584ab793950ecfb21657a3816edea8d9e73ea23c13ba2b740

and there the M-thread version (parallelism > 0)

BalloonHashingFunction balloonHashingFunction = BalloonHashingFunction.getInstance("SHA-256", 16, 20, 7, 4);
 
Hash hash = Password.hash("buildmeupbuttercup").addSalt("JqMcHqUcjinFhQKJ").with(balloonHashingFunction);

hash.getResult(); // 1c271e9069cb694ba5ae9d3da1f57be4614063e014410e7c484d7b47f8291bac

TODO:

cryptographic pepper
documentation
more tests
handling of borderline cases

Answer 6 · 2023-10-09T10:14:41.000Z

It looks like a new thread pool is created every time a hash is calculated. So the multi-threaded version may be slower than the non-multi-threaded version. 🤔

Answer 7 · 2023-10-09T10:45:20.000Z

@Colerar do you suggest to make the thread pool shared among all the instances of BalloonHashingFunction (in most cases it will be a singleton) with a decent number of threads (e.g. parallelism * k, with k given by the end-user)?

Answer 8 · 2023-10-09T10:51:04.000Z

@Colerar do you suggest to make the thread pool shared among all the instances of BalloonHashingFunction (in most cases it will be a singleton) with a decent number of threads (e.g. parallelism * k, with k given by the end-user)?

Yes, shared thread pool is reasonable.

Answer 9 · 2023-10-10T11:40:35.000Z

Hi @Colerar I've updated the PR with a instance-shared forever-living thread pool.
The number of threads is related to the number of available cores and not to the parallelism parameter.

Answer 10 · 2024-03-04T09:24:40.000Z

This feature is now present in 1.8.0