VP 330: Argon2 Hashes (47 pts)

Purpose

Understand the advantages of Argon2 hashes and practice using them.

Theory

If you just want to do the hands-on projects, skip this section.

Background

Read this article (you can skip sections 3.2 - 6.3):
Argon2: the memory-hard function for password hashing and other applications
Then answer the questions below.

Flags VP 330.1: Hash System (2 pts)

What hashing system uses SMix and ROMix?

Flags VP 330.2: Hash Type (2 pts)

What is the technical term for a hash function with this property:
D(α) > 1/α as α → 0

Flags VP 330.3: Side-Channel (2 pts)

Which flavor of Argon2 is vulnerable to side-channel attacks?

Flags VP 330.4: Chains (2 pts)

What parameter determines how many independent computational chains can be run?

Flags VP 330.5: Cold Boot (2 pts)

Which flavor of Argon2 resists cold-boot attacks?

Installing Argon2-cffi

We'll use the argon2-cffi library, documented at:
argon2-cffi
Execute this command: 
python3 -m pip install argon2-cffi

Testing Argon2-cffi

Execute this command to start Python 3 in interactive mode: 
python3
Then execute this commands to hash a password and check password guesses: 
from argon2 import PasswordHasher
ph = PasswordHasher()
hash = ph.hash("s3kr3tp4ssw0rd")
hash
ph.verify(hash, "s3kr3tp4ssw0rd")
ph.verify(hash, "wrongpassword")
As shown below, the correct password returns "True", and an incorrect password causes an exception.
Execute these commands to see the attributes of the password hash object you created in the previous steps, and display the value of the __class__ attribute: 
dir(ph)
ph.__class__
The class is displayed, as shown below.

Flags VP 330.6: Salt Length (2 pts)

How many bytes long is the salt used in the password hash you computed in the previous steps?

Flags VP 330.7: Password (10 pts)

The password is passwordNN, where NN is a two digit number, like password11.

Find the password matching the hash below. That password is the flag. 

$argon2id$v=19$m=102400,t=2,p=8$Mux7n699exB8C1AkxNhuRg$CX1V+Ge1I8vbrcY+8nbuCw

Flags VP 330.8: Hash (10 pts)

Calculate a hash of password using these parameters:
  • Time cost: 100
  • Memory cost: 102400
  • Parallelism: 8
  • Hash length: 8 bytes
  • Salt length: 8 bytes
  • Encoding: utf-8
  • Type: Argon2id
The flag is covered by a green rectangle in the image below.

Flags VP 330.9: Password (10 pts)

The password is passwordNN, where NN is a two digit number, like password11.

Find the password matching the hash below. That password is the flag.

Part of the hash has been redacted and replaced with underscores. 

$argon2id$v=19$m=10000,____,p=8$Wqly3ozrCqU$AxBO2QSKTG4

Flags VP 330.10: Salt (5 pts)

Find the salt for this hash. That salt, as eight ASCII characters, is the flag. 
$argon2id$v=19$m=2000,t=1,p=8$eEhMUHNvN04$AYQTWoJXnJE

References

UTF-16 from Wikipedia
crypt function not hashing properly on Mac (uses a specific salt)
PBKDF2
Argon2: Practical Cryptography for Developers
Argon2 Github
Open Sesame The Password Hashing Competition and Argon2
How to Choose the Right Parameters for Argon2
argon2-cffi
Posted 7-9-2020