Cryptanalytic Time-Memory Tradeoff for Password Hashing Schemes

A cryptanalytic technique known as time-memory tradeoff (TMTO) was proposed by Hellman for finding the secret key of a block cipher. This technique allows sharing the effort of key search between the two extremes of exhaustively enumerating all keys versus listing all possible ciphertext mappings produced by a given plaintext (i.e. table lookups). The TMTO technique has also been used as an effective cryptanalytic approach for password hashing schemes (PHS). Increasing threat of password leakage from compromised password hashes demands a resource consuming algorithm to prevent the precomputation of the password hashes. A class of password hashing designs provide such a defense against TMTO attack by ensuring that any reduction in the memory leads to exponential increase in runtime. These are called \textit{Memory hard} designs. However, it is generally difficult to evaluate the ``memory hardness of a given PHS design.\\ In this work, we present a simple technique to analyze TMTO for any password hashing schemes which can be represented as a directed acyclic graph (DAG). The nodes of the DAG correspond to the storage required by the algorithm and the edges correspond to the flow of the execution. Our proposed technique provides expected run-times at varied levels of available storage for the DAG. Although our technique is generic, we show its efficacy by applying it on three designs from the ``Password Hashing Competition (PHC) - Argon2i (the PHC winner), Catena and Rig. Our analysis shows that Argon2i fails to maintain the claimed memory hardness. In a recent work Corrigan-Gibbs et al. indeed showed an attack highlighting the weak memory hardening of Argon2i. We also analyze these PHS for performance under various settings of time and memory complexities

Порівняльний аналіз сучасних схем гешування паролів

Квалiфiкацiйна робота мiстить: 52 стор., 6 рисункiв, 3 таблицi, 30 джерел. Наразi для надiйного зберiгання паролiв проводиться їх обробка за спецiальними схемами. У роботi було розглянуто вимоги до захисту схем гешування паролiв. Також було зосереджено увагу на схемах гешування паролiв, що стали фiналiстами конкурсу «Password Hashing Competition», проведено їх порiвняльний аналiз за певними критерiями та визначено схеми, придатнi для впровадження в них геш-функцiї «Купина». Метою роботи є порiвняльний аналiз сучасних схем гешування паролiв та їх адаптацiя пiд нацiональнi криптографiчнi стандарти, що дозволить використовувати сучаснi схеми парольного гешування у засобах криптографiчного захисту, призначених для державних органiв України. Об’єктом дослiдження є криптографiчнi процеси у системах захисту iнформацiї. Предметом дослiдження є схеми гешування паролiв та методи їх аналiзу. У результатi роботи було запропоновано схеми гешування паролiв, що використовують у якостi криптографiчного примiтиву геш-функцiю «Купина», яка є нацiональним стандартом криптографiчного захисту iнформацiї в Українi.Thesis consists of 52 pages, 6 illustrations, 3 tables, 30 literature sources. At present, passwords are processed by special schemes for secure storage. The requirements for protecting of password hashing schemes were considered in this paper. Also, attention was focused on password hashing schemes that became the finalists of the Password Hashing Competition, their comparative analysis according to certain criteria was carried out and the schemes suitable for implementation in them of the Kupyna hash function were defined. The aim of the work is comparative analysis of modern password hashing schemes and their adaptation to the national cryptographic standards, which will allow using of modern password hashing schemes in the means of cryptographic protection that intended for state bodies of Ukraine. The object of the study is the cryptographic processes in the systems of information protection. The subject of the study is the password hashing schemes and methods of their analysis. As a result of the work, there were proposed password hashing schemes that use the Kupyna hash function as a cryptographic primitive, which is the national standard of cryptographic protection of information in Ukraine