sig1nt closed 7 years ago
+1 for switching to Argon2
In my (very) limited understanding of password crypto in 2017, Argon2 is considered better than bcrypt. It takes a bunch of memory, so it makes GPUs useless for cracking hashes. An attacker's computer is probably going to do as many hashes/second as the actual webserver.
( @atti1a )
Do we want to upgrade our password hashing algorithm to the current best, or are we saying bcrypt is plenty good?