You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The primary criteria for adding an algorithm (beyond someone actually writing the code) is if that algorithm is or will be in use in some real world system or protocol.
The secondary criteria is if the algorithm has some notable benefit compared to other systems such that it's worth including because it should be used in real world systems, even if not currently.
As far as I know none of these hashes qualifies under the first criteria. (Please correct me if I'm wrong about this, this is just based on what I've seen used in the past.) On the second crtieria I don't know enough about these other hashes to have an opinion. Certainly I find both Argon2 and scrypt quite poorly designed so I'm open to the possibility. But it would have to come in an argument of "Attribute X is something that makes algo Z superior to {Argon2,scrypt,bcrypt} in some specific scenario and this attribute is so nice it's worth including not just yet another password hash, but one that's not widely used/known/studied."
The Password Hashing Competition had some worthy participants: Catena, Lyra2, Makwa and yescrypt. Maybe they should be added to Botan?
The text was updated successfully, but these errors were encountered: