[brobinson]

This is outdated in terms of recommending bcrypt blindly. Bcrypt has some flaws (leading null bytes, being only "cpu hard") that are addressed by newer hashing functions. Argon2 in independent mode or hybrid mode seems to be the most common recommendation among security luminaries today.

[pvg]

https://news.ycombinator.com/item?id=24286955

[brobinson]

Right. I'm not sure "Use X. Use X. Use X. Use X. Use X. Use X. Use X. Use X. Use X." where X is outdated and no longer a best practice is a good template.