by inquirerofsorts 2043 days ago
> This does not inspire confidence in their product.

Proudly using PBKDF2 in 2019 while presenting oneself as an expert on key derivation functions is the real red flag. It's time to move on. We finished the PHC in 2015, there are multiple worthy candidates that came out the other end under heavy scrutiny. It was an incredibly well run and productive meeting of minds (in my opinion at least). The alternative winners have some novel features that might appeal in certain situations but Argon came out on top and I'm intrigued by anyone's reason to not be using it.

Most competitors offered up compute, time and memory parameters that can be modified as needed. The points made in this article are redundant with modern algos.

If you are still using PBKDF2 for new codebases please take a step back and do 10 mins of research, please.

1 comment

> If you are still using PBKDF2 for new codebases please take a step back and do 10 mins of research, please.

Unless you offer services to the US government and so must use NIST-approved algorithms.

Unless bcrypt and/or scrypt and/or Argon2 [1] have a stamp of approval now?

[1] https://en.wikipedia.org/wiki/Password_Hashing_Competition
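
An added example, not part of the thread or written by either commenter: a self-describing password record that stores the KDF and its cost parameters, so a deployment can stay on PBKDF2 where policy requires it or upgrade records to a memory-hard KDF at login. It assumes Python's standard library, uses scrypt as the memory-hard stand-in because Argon2 is not in the standard library, and the `POLICIES` values and record format are illustrative assumptions.

```python
import base64, hashlib, hmac, os

# Illustrative policies (assumed values, not recommendations from the thread).
# PBKDF2 has a single cost knob; scrypt adds memory cost (about 128 * n * r bytes).
POLICIES = {
    "pbkdf2-sha256": {"iterations": 200_000},
    "scrypt": {"n": 2**12, "r": 8, "p": 1},
}

def _derive(alg, params, password, salt):
    pw = password.encode("utf-8")
    if alg == "pbkdf2-sha256":
        return hashlib.pbkdf2_hmac("sha256", pw, salt, params["iterations"], dklen=32)
    if alg == "scrypt":
        return hashlib.scrypt(pw, salt=salt, n=params["n"], r=params["r"],
                              p=params["p"], dklen=32)
    raise ValueError(f"unsupported algorithm: {alg}")

def hash_password(password, alg):
    """Return a self-describing record: alg$k=v,...$salt$hash."""
    params = POLICIES[alg]
    salt = os.urandom(16)
    digest = _derive(alg, params, password, salt)
    fields = ",".join(f"{k}={v}" for k, v in sorted(params.items()))
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return f"{alg}${fields}${b64(salt)}${b64(digest)}"

def _parse(record):
    alg, fields, salt, digest = record.split("$")
    params = {k: int(v) for k, v in (f.split("=") for f in fields.split(","))}
    return alg, params, base64.b64decode(salt), base64.b64decode(digest)

def verify_password(password, record):
    alg, params, salt, digest = _parse(record)
    # Constant-time comparison of the recomputed and stored digests.
    return hmac.compare_digest(_derive(alg, params, password, salt), digest)

def needs_rehash(record, preferred_alg):
    """True when the record's algorithm or cost parameters differ from policy."""
    alg, params, _, _ = _parse(record)
    return alg != preferred_alg or params != POLICIES[preferred_alg]

def login(password, record, preferred_alg):
    """Verify, then upgrade the stored record if policy has moved on."""
    if not verify_password(password, record):
        return False, record
    if needs_rehash(record, preferred_alg):
        record = hash_password(password, preferred_alg)
    return True, record
```

Because the parameters travel with each record, raising a cost value or switching `preferred_alg` takes effect per user at their next successful login, without a bulk reset.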