 

Difference between HSM and Argon2? Which one is preferable?

I am working on an application dealing with customer details, which we want to store in our DB as encrypted. Which one is preferable Argon2

Muddassir Rahman asked Nov 07 '22 12:11



1 Answer

Argon2 is a hashing algorithm; it can be used to store passwords in a database in a more or less secure way. See the OWASP guide to storing passwords.
An HSM is hardware dedicated to key storage - if you have access to an HSM, you should use it to store your encryption keys, certificate keys and so on.

While you may use an HSM to store a password encrypted with a reversible encryption algorithm (i.e. AES, SALSA), it would perform a similar role to password storage software, like KeePass.

If you just need to store passwords in order to authenticate users, you need to keep a salt and a hash of the salted password. A hashing function by definition always gives you the same result for the same data. When a user account is created, you generate a salt, add it to the password, and hash the result. Then you save the hash and the salt. When the user tries to authenticate, add the stored salt to the password, hash the result, and check whether its value is equal to the value of the hash in your database.

On the other hand, if you are making a password vault of some kind, you need to be able to decrypt the stored data. An HSM may be useful for that.

impune answered Nov 15 '22 11:11
