Hacker News
by CiPHPerCoder 3266 days ago
Instead of password hashes, why don't we just use Argon2id as a KDF to produce an Ed25519 keypair, and then publish the (salt, memcost, opscost, Ed25519 public key)?

I can throw this into a structure indistinguishable from a blockchain if any VCs want to invest ;)

5 comments

As long as you call it a blockchain, I'm in!
Needs more FIPS to be enterprise ready.
Okay, let's throw in an invalid curve attack vulnerability and call it even. I'll contact NIST for a grant. Let's get this ball rolling!
Needs more IPFS to board the hype train.
Why Argon2id? Isn't Argon2i what the creators suggest?
Sufficient side-channel resistance for real-world uses, sufficient GPU resistance. It's the best of both worlds. It's also going to be the libsodium default in the next release.

It's literally two passes that are memory independent, then two that are memory dependent, when r = 4.

Yes, KDF->pubkey seems like the only sane way forward. Any discussion over old school passwords is a waste of time.
You've just described SQRL.
No I haven't. I didn't invent PBKDF2-Scrypt along the way.