kinglozzer
commented
11 months ago I remember this coming up a while back, this may be good for some inspiration, particularly with re-hashing passwords: https://github.com/silverstripe/silverstripe-framework/pull/8806. We never actually implemented support for PHP’s native password_hash() function, it looks like that could allow us to make argon2 (and cost for bcrypt) an option that’s configurable
GuySartorelli
According to owasp, bcrypt (aka blowfish) is recommended for "legacy systems". Furthermore, their minimum recommended work factor is 10, which is what our blowfish encryptor's default work factor is set at. Basically, out of the box we're providing the bare minimum security for password hashing according to owasp - which is fine for now, but as time goes on we'll want to at the very least bump up that work factor, if not implement a more modern hasher.
Their recommendation is to use argon2id if available, and to use scrypt otherwise. Having given a decent look around online, I have found the following:
Argon2 and scrypt are both more memory intensive than bcrypt by design, so that attackers require more specialised and expensive equipment to attack them - it makes them more resistant to attacks run on the GPU, which bcrypt is somewhat resistant to, but to a much lesser degree than these algorithms. Argon2 is reportedly more of a resource hog than scrypt and may not be suitable for sites with high traffic. For this reason I'm leaning more towards scrypt.
This graph from the scrypt paper [PDF] shows a comparison of scrypt vs bcrypt and PBKDF2:
Options
Additional considerations