Facet-MUD-Project / facet-spec

Specifications for the various implementations of the Facet MUD Project
MIT License

Consider different password hashing algorithms #3

Open tarkatronic opened 3 years ago

tarkatronic commented 3 years ago

The first hashing algorithm I introduced was PBKDF2. This is a good accepted standard. But nowadays there are others that may be better.

Argon2 for example claims to be ASIC and GPU resistant. BLAKE3 and its predecessor BLAKE2 claim to be massively faster, although I'm uncertain of its security profile.

If we adopt a spec similar to what is proposed in https://github.com/Facet-MUD-Project/facetjs/issues/36 we could easily experiment with multiple different algorithms. I think this would be interesting. We could have "required" algorithms, as well as "optional" algorithms. And the implementations should be able to detect the algorithm used and encode/decode appropriately.

tarkatronic commented 1 year ago

No on Blake. In this case, fast is bad. Bcrypt, argon2id, scrypt, and pbkdf2 are the current recommendations.
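
The following sketch is an added example, not part of the issue thread or the Facet spec. It shows one way an implementation could tag each stored hash with its algorithm, detect that algorithm when verifying, and flag hashes that should be upgraded. The `$algorithm$params$salt$hash` layout, the required/optional/preferred sets, the work factors and every function name are assumptions made for illustration.

```python
import base64, hashlib, hmac, os

# Assumed encoding (not the Facet spec): $<algorithm>$<k=v,...>$<salt_b64>$<hash_b64>
REQUIRED = {"pbkdf2-sha256"}   # every implementation must be able to verify these
OPTIONAL = {"scrypt"}          # implementations may additionally support these
PREFERRED = "scrypt"           # assumed policy: algorithm used for new hashes
# Constructed work factors for this example; tune them for the deployment.
DEFAULTS = {"pbkdf2-sha256": {"i": 600000}, "scrypt": {"n": 2**14, "r": 8, "p": 1}}

def _b64(raw):
    return base64.b64encode(raw).decode("ascii")

def _derive(algo, params, salt, password):
    pw = password.encode("utf-8")
    if algo == "pbkdf2-sha256":
        return hashlib.pbkdf2_hmac("sha256", pw, salt, int(params["i"]), dklen=32)
    if algo == "scrypt":
        return hashlib.scrypt(pw, salt=salt, n=int(params["n"]),
                              r=int(params["r"]), p=int(params["p"]), dklen=32)
    raise ValueError(f"unsupported algorithm: {algo}")

def encode(password, algo=PREFERRED, params=None, salt=None):
    """Hash a password and return the self-describing string to store."""
    params = params or DEFAULTS[algo]
    salt = salt or os.urandom(16)
    digest = _derive(algo, params, salt, password)
    fields = ",".join(f"{k}={v}" for k, v in params.items())
    return f"${algo}${fields}${_b64(salt)}${_b64(digest)}"

def parse(encoded):
    """Detect the algorithm and parameters from a stored string."""
    parts = encoded.split("$")
    if len(parts) != 5 or parts[0] != "":
        raise ValueError("malformed hash string")
    _, algo, fields, salt, digest = parts
    if algo not in REQUIRED | OPTIONAL:   # fast hashes such as BLAKE are refused
        raise ValueError(f"unsupported algorithm: {algo}")
    params = dict(kv.split("=", 1) for kv in fields.split(","))
    return algo, params, base64.b64decode(salt), base64.b64decode(digest)

def verify(password, encoded):
    algo, params, salt, expected = parse(encoded)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_derive(algo, params, salt, password), expected)

def needs_rehash(encoded):
    """True when a stored hash should be re-encoded after a successful login."""
    algo, params, _, _ = parse(encoded)
    return algo != PREFERRED or {k: int(v) for k, v in params.items()} != DEFAULTS[algo]
```

Because the parameters travel with the hash, older PBKDF2 entries keep verifying after the preferred algorithm changes, and `needs_rehash` marks them for upgrade at the next successful login.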