What's argon2id?

[pokegamer5547]

What's argon2id? Some kind of encryption?
And is it better/safer than default AES encryption it has in options?

[phoerious]

Argon2id is a variant of our key derivation function, which is stronger against side-channel attacks, an important property if you are not guaranteed to be the only user on your system.

Until now, KeePass has only supported Argon2d, so that is what we implemented as well. While the KeePass author still prefers Argon2d, we will most likely make Argon2id the recommended KDF in the future. AES is still being used for the actual encryption, so nothing changes there.

There is a write-up from KeePass here: https://keepass.info/help/base/security.html#secdictprotect
Here is the IETF RFC draft, which also recommends Argon2id as the default for "all environments": https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03

We will also prepare one ourselves.

[pokegamer5547]

Oh I see, thankyou so much for explaining :)
I have few questions to ask if you don't mind.
so is argon2id is better start using right now moving away from AES?
And also from what you mentioned, AES seems not much as good in security compared to argon2id?

[phoerious]

As I said: AES has nothing to do with it. Argon2id is a key derivation function, so it takes your password and transforms it to make it harder to brute-force before it is being used as the encryption key for AES. It is not an either/or. We use both at the same time. Right now, we use Argon2d + AES, in the future we will be using Argon2id + AES.

[pokegamer5547]

Oh I understand now. Thankyou for explaining:) I really appreciate that.