10

I am not a security guy but just curious about the things here.

I have seen several people in various answers here talked about the password hashing competition. Now that the winner is announced, I am just curious that not much about Argon2 is discussed in here.

What are your reviews of the Argon2 hashing method? How is it better/worse compared to the already in use methods like BCrypt, SCrypt and others. Is it going to take much longer before it can be judged?

Ravi Teja
  • 203
  • 1
  • 5

1 Answers1

11

As of today, bcrypt, scrypt and PBKDF2 offer reasonable properties to be used and considered safe.

What is especially on their side is their history. As Neil pointed out in the comments, Argon2 - while winning the PHC - still has to prove itself, being researched extensively to be fairly sure nothing has been overlooked that can break its neck.

That's the reason established hash functions (and encryption systems) are preferred over new ones as long as they are still not feasible to break: They have been thoroughly researched and proven themselves over many years.

The people over at crypto.SE have some questions on Argon2 that may answer some of the more it-depth questions regarding comparisons and Argon2 itself.

Usually, it takes a few years for a new algorithm to become generally accepted after release - that's because reliable reviews require a great amount of research and time and the academic processes often involved are lengthy.

Xander
  • 35,616
  • 27
  • 114
  • 141
Tobi Nary
  • 14,352
  • 8
  • 44
  • 58