Identification of optimal Argon2i parameters for performance and security enhancement

Identification of optimal Argon2i parameters for performance and security enhancement

연구 분야: Databases

학회: International Journal of Information Technology

Traditional password hashing functions like MD5 and SHA-1 are demonstrably insecure against modern attacks. This necessitates the use of stronger alternatives. Argon2i, a newer state-of-the-art password hashing function, offers significant resistance against brute-force and rainbow table attacks. However, its security comes at a cost of increased processing time. This study investigates the optimisation of Argon2i’s password hashing time, while maintaining robust security. The objective is to explore the impact of parameter adjustments on Argon2i’s performance. Experiments were carried out by adjusting parameters of Argon2i, from their minimum values up to the maximum values allowed by the test environment. Through experiments with various parameter configurations, we identify that a 28-character password, 24-character salt, 4000 KB memory size, and parallelism set to twice CPU threads yield the lowest processing time. To validate the security of the optimal parameters, we conducted an avalanche effect analysis, confirming their cryptographic strength. Comparative assessments with established hashing algorithms, namely MD5, SHA-1, and SHA-256, demonstrate Argon2i’s superiority. This study, therefore, makes a significant contribution by providing valuable insights for selecting optimal Argon2i parameters for real-world password hashing deployments while maintaining efficient processing time.