GPU-bursting Password and Key Derivation: Argon2

The Ringo data breaches remind me that companies still struggle to protect their systems properly. But, there are no excuses any more, as passwords and customer details should be stored in a secure form. In this article, we will look at the Argon2 key derivation method, which can be used to create encryption keys from a secret value and a salt and also as a way to store passwords. This method is robust against GPU cracking. We will thus use OpenSSL, Golang and Rust to implement the method.

OpenSSL

As you may know OpenSSL — with Heartbleed — nearly broke the Internet. But, it is a program which is fundamentally important to the security and trust of the Internet, and is still used by the majority of Web site to implement cryptographic operations. Overall, though, it can be a little slow to move and has only made it to Version 3. Now, though, we see the release of 3.2.0, and which brings many new features, including post-quantum methods, Brainpool curves and QUIC:

One of the cool new additions is the integration of Argon, and which focuses on bursting the GPU cracking of passwords.