Should we change the password hashing algorithm?

[DangerousFreedom1984]

Currently the wallet uses cn_slow_hash to hash the password at generate_chacha_key to get a chacha_key that is used for the private keys encryption. Should we replace it for Argon2_id ?

Cryptonight (cn_slow_hash)

Pros

• afaiw, no issues found with the encrypted files in the wallet or the encrypted keys in memory

  Cons

• Not tested as much as Argon2
• Not used as much as Argon2

Argon2

Pros

• widely used
• proved secure

  Cons

• maybe not already available in the library

I'm in favor of replacing cn_slow_hash to Argon2 as it is one of the most recommended password hashing algorithm and it would make our library more standardized. Cryptographic arguments explaining why Argon2 is (not) safer are welcome.

[UkoeHB]

What is the wallet migration story for this? It sounds nice, but invites additional maintenance and development costs.