Yet another password hashing talk

DEF CON 25

Presented by: Evgeny Sidorov
Date: Saturday July 29, 2017
Time: 15:00 - 15:30
Location: Florentine Ballroom 4
Track: Crypto and Privacy Village

Password hashing seems easy - just take a memory hard function, apply it to a password and you're done. It might be so unless you have a highly loaded web service with tight requirements for performance and response times and you need to achieve as much security as possible, keeping in mind obvious computation DoS attacks (memory hard functions are hard not only for attackers, aren't they?). In this talk I'll give an overview of modern approaches to password hashing. We'll discuss some details about Argon2 (d, i, id) and Yescrypt algorithms and different approaches to password hashing used in big Internet companies (what schemes are used, how to select parameters for algorithms etc.). In addition, I'll present our open source library Argonishche* that contains implementations of Argon2 and Blake2B optimized for SSE2, SSSE3, SSE4.1 and AVX2 instruction sets and uses runtime CPU dispatching to achieve maximum performance on CPUs with different SIMD extensions supported.

Evgeny Sidorov

Evgeny Sidorov is a Security Engineer at Yandex. Evgeny works in the Product Security Team and is responsible for developing and embedding various defense techniques in web and mobile applications. He finished his degree in applied mathematics at the Institute of Cryptography, Telecommunications and Computer Science of Moscow.

