|
Differently! The goal of PHC is to improve upon the current state-of-the-art, which includes bcrypt and scrypt, but there are many tradeoffs involved. A scheme that is better in one aspect might be worse (or just different) in another. These finalists try to improve upon scrypt (increase attack/defense cost ratio or/and avoid cache-timing side-channels while building upon ideas from scrypt and more): Argon, Catena, Lyra2, yescrypt, and maybe POMELO. Ditto for some non-finalists: Gambit, RIG, TwoCats. (Arguably some other non-finalists fall in this category as well.) These finalists include bcrypt-like components or properties while being scalable (to a varying extent) to larger than bcrypt's memory usage: battcrypt, POMELO, Pufferfish, yescrypt. And a non-finalist: TwoCats. Unlike bcrypt itself, battcrypt is likely to be implementable in scripting languages that offer native Blowfish. These finalists are totally different from bcrypt and scrypt, not trying to improve upon them nor even be on par with them: Makwa and Parallel. They are for different applications than bcrypt and scrypt. Parallel can be said to try to improve upon PBKDF2, though. As to more specific comparisons, with benchmarks and cost estimates for various settings on various types of hardware, this goes beyond a comment reply like this (or I'd need to focus on one PHC candidate, like mine, which would be unfair). It is a topic for the PHC discussions list and for materials included with each PHC candidate (some do include various numbers or/and claims to this extent). |