and our recommendation for hashing passwords: Argon2
Password hashing is everywhere, from web services' credentials storage
to mobile and desktop authentication or disk encryption systems.
Yet there wasn't an established standard to fulfill the needs of
modern applications and to best protect against attackers.
We started the Password Hashing Competition (PHC) to
solve this problem.
PHC ran from 2013 to 2015 as an open competition—the same kind of
process as NIST's AES and SHA-3 competitions, and the most effective way
to develop a crypto standard. We received 24 candidates,
including many excellent designs, and selected one winner,
Argon2, an algorithm designed by Alex Biryukov,
Daniel Dinu, and Dmitry Khovratovich from University of Luxembourg.
We recommend that you use Argon2 rather than legacy algorithms.
You'll find the specifications and reference code just below.
The reference code is C89-compliant C, licensed under CC0, a.k.a. public
domain.
It should compile on x86 and x86_64 architectures, as well as most ARM
architectures (except for the code optimized for x86 and x86_64). It
should compile on Linux, OS X, and Windows OS', as well as MinGW
environments.
There are two main versions of Argon2, Argon2i and Argon2d. Argon2i is
the safest against side-channel attacks, while Argon2d provides the
highest resistance against GPU cracking attacks.
Argon2i and Argon2d are parametrized by
A time cost, which defines the execution time
A memory cost, which defines the memory usage
A parallelism degree, which defines the number of threads
See the README
for detailed instructions.
You can try Argon2 online on argon2.online.
Bindings are available for most languages.
PHC
The Password Hashing Competition (PHC) was initiated by Jean-Philippe
Aumasson in fall 2012, and organized thanks to a panel joined by
Tony Arcieri (@bascule, Square)
Dmitry Chestnykh (@dchest, Coding Robots),
Jeremi Gosney (@jmgosney, Stricture Consulting Group),
Russell Graves (@bitweasil, Cryptohaze),
Matthew Green (@matthew_d_green, Johns Hopkins University),
Peter Gutmann (University of Auckland),
Pascal Junod (@cryptopathe, HEIG-VD),
Poul-Henning Kamp (FreeBSD),
Stefan Lucks (Bauhaus-Universität Weimar),
Samuel Neves (@sevenps, University of Coimbra),
Colin Percival (@cperciva, Tarsnap),
Alexander Peslyak (@solardiz, Openwall),
Marsh Ray (@marshray, Microsoft),
Jens Steube (@hashcat, Hashcat project),
Steve Thomas (@Sc00bzT, TobTu),
Meltem Sonmez Turan (NIST),
Zooko Wilcox-O'Hearn (@zooko, Least Authority Enterprises),
Christian Winnerlein (@codesinchaos, Pactas),
Elias Yarrkov (@yarrkov).
In Q1 2013 we published the call for
submissions, and by the deadline on March 31, 2014 we had received
24 submissions. In December 2014 we
shortlisted 9 finalists and published a short report. In July 2015 we announced
Argon2 as a winner and gave special recognition to four of the
finalists:
Questions about Argon2 or PHC can be addressed to the public mailing
list [email protected]
(you need to register first by sending an empty message to [email protected]).
Public
archives of this mailing list are available thanks to Gmane.