This project has moved and is read-only. For the latest updates, please go here.

State of the art in Password Hashing Algorithm - (as of 2016) - Argon2i for Password Hashing

Topics: Feature Requests
Feb 9, 2016 at 9:06 AM
Hi Mounir, it's been quite a long time since my last confession :P

Disclaimer: I'm a complete noob on these topics, and I think I'm conflating encryption algorithms with password hashing algorithms, so I apologize in advance. I seem to grasp that they way persistent memory is encrypted/decrypted has nothing to do with how the passcode (password/passphrase) is stored, accessed and concealed, and that's as far as I can go.

Nonetheless, I wanted to bring this important new advance in the cryptography field (specifically in the password hashing arena) to your attention, in the hopes that, if you find it useful, can leverage its power to improve this amazing piece of software.

EoD (End of Disclaimer)

If applicable, would you please look into the specs of this new "algo" and see if it can be integrated in a future release of VeraCrypt, as another option?


After two years of extensive research and relentless cracking efforts by the best teams in the cracking community, it was awarded the First Place in the Password Hashing Competition and they are urging anyone who cares to listen to its adoption. (A quick glance at the names involved in both the judging panel and the development teams, reveals a who is who of the best minds alive in the fields of cryptography, password cracking and IT security.

Other links of interest:
  • Jeremi Gosney He goes by the handle epixoip in this comment thread, answering ALL the questions asked, in detail. By the way, he and his work is what's featured in the article. You'll notice it's a rather old one, in fact it's 3+ years old, and by that time -Dec 2012- they were achieving 350 giga hashes a second of password candidates on the NThash algorithm. I can't imagine the numbers by now... (Of course one algorithm has nothing to do with another so I'm not comparing apples to oranges, but again, mind blowing numbers). The point is that these guys know what they are doing, so I pay attention to these things. And they work for law enforcement and APT's, especially in areas of disk encryption access and password/data decryption*.
  • oclHashcat's algorithms It's old news by now, but it bares repeating: it would be really nice to see how vulnerable are the algorithms implemented in VeraCrypt, when attacked by the password cracking community, and more than that, to compare how well (or bad) the algorithms already in place stack against this new one proposed.
  • Sagitta Performance Cracking This is Jeremy Gosney's company*. (No affiliation whatsoever).
  • Oficial GitHub Repository of the Argon2 Developers All the specs and info is there.
Again, I'm in no way associated with anyone that I link to here, just wanted to let you know of this news, maybe it turns out to be an important addition to VeraCrypt.

I'll appreciate your insight once you find the time to look into this. And everyone else's as well of course. I'm always eager to educate myself, so I thank in advance for all the input I can get.

Feb 9, 2016 at 3:20 PM
You can read Mounir's comments on the new hash algorithm at the following link.
Feb 10, 2016 at 4:29 AM
Thank you very much Enigma, and I apologize for not catching it sooner. I sure was late to get this memo. Either way, I hope some great security advances do come out of this evolving science.