On 7/25/2022 15:30, Joshua Kinard wrote:

> Some really quick looking around, I'm not finding any substantive
> discussions on why yescrypt is better than argon2.  It so far seems that it
> just got implemented in libxcrypt sooner than argon2 did, so that's why
> there is this sudden push for it.
> E.g., on Issue #45 in linux-pam[3], user ldv-alt just states "I'd recommend
> yescrypt instead.  Anyway, it has to be implemented in libcrypt.", but
> provides no justification for why they recommend yescrypt.  Since we're
> dealing with a fairly important function for system security, I kinda want
> something with much more context that presents pros and cons for this
> algorithm over others, especially argon2.

So there is this question and three answers on Crypto StackExchange.  It is
about five years-old, but it's got more detail on why argon2 won the PHC
instead of one of the other contenders.  It is still subjective information,
but more thorough:

There's some more info if one continues to deep-dive on CSE, but I am
noticing a lot of the info is several years old.  Some more recent things
make references to a newer algo called Balloon, but that seems to be going
off into side-tangents.

Anyways, I guess I am just being paranoid.  If a change to hashing algos is
made, it should be based on facts and not popularity contests or feelings.

Joshua Kinard
rsa6144/5C63F4E3F5C6C943 2015-04-27
177C 1972 1FB8 F254 BAD0 3E72 5C63 F4E3 F5C6 C943

"The past tempts us, the present confuses us, the future frightens us.  And
our lives slip away, moment by moment, lost in that vast, terrible in-between."

        --Emperor Turhan, Centauri Republic

Reply via email to