by pvg 2126 days ago
It might be better to put the conclusion somewhere near the top or otherwise make it more visible - it's a convoluted topic in its details with a bunch of options with very similar names. There is a simple correct answer though, and it's worth emphasizing that.

The answer is Ed25519, as most people probably expected.

Or RSA 4096.

Ed25519 certainly looks the best given the fact that all the spooks (NIST, cryptlib, Crypto++ ...) lobby against it, and didn't implement it. Looks like that is the one they want nobody to use, even if it's the simplest. However, any elliptic curve in general can be backdoored; the FSF recommends RSA 4k only, even if RSA side-channel attacks are known.

Fuck RSA.[0][1]

> The fact that RSA is still in widespread use today indicates both a failure on the part of cryptographers for not adequately articulating the [many] risks inherent in RSA, and also on the part of developers for overestimating their ability to deploy it successfully.

0: PoC||GTFO 20 (https://www.alchemistowl.org/pocorgtfo/pocorgtfo20.pdf) 20:09 (p 68)

1: Why yes, that is a direct quote.

It's not about the answer itself but the structure of the piece. For that kind of info, this is the better template:

https://codahale.com/how-to-safely-store-a-password/

This is outdated in terms of recommending bcrypt blindly. Bcrypt has some flaws (leading null bytes, being only "cpu hard") that are addressed by newer hashing functions. Argon2 in independent mode or hybrid mode seems to be the most common recommendation among security luminaries today.

Right. I'm not sure "Use X. Use X. Use X. Use X. Use X. Use X. Use X. Use X. Use X." where X is outdated and no longer a best practice is a good template.