[mnordhoff]

All three are good choices, with their own advantages and disadvantages. Argon2 may be clearly the best choice a few years from now, but both the algorithm and software implementations are immature. It's makes sense to be conservative and go with the more battle-tested options.

(Also last I looked Python has no good scrypt bindings.)

https://paragonie.com/blog/2016/02/how-safely-store-password... https://news.ycombinator.com/item?id=11118720

[stephendicato]

You're right. I agree. In practice I'd heavily weight the decision based on whatever is best supporting in the Python libraries they are adopting.