Argon2
Memory-hard scheme Argon2 (by khovratovich)
bscrypt
A cache hard password hash/KDF (by Sc00bz)
Our great sponsors
| Argon2 | bscrypt | |
|---|---|---|
| 2 | 6 | |
| 195 | 40 | |
| - | - | |
| 10.0 | 0.0 | |
| over 3 years ago | over 1 year ago | |
| C | C++ | |
| GNU General Public License v3.0 or later | Creative Commons Zero v1.0 Universal |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Argon2
Posts with mentions or reviews of Argon2.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-02-13.
-
Password hashing and salting
I'm building a C++ code generator and have been having some problems figuring out password hashing and salting. Does anyone use C++ to do that? This repo looked interesting: khovratovich/Argon2: Memory-hard scheme Argon2 (github.com)
-
So I created a custom KDF. Bad idea?
Regarding cache-hard KDFs, check out Argon2ds, Pufferfish2, hmac-bcrypt, and bscrypt.
bscrypt
Posts with mentions or reviews of bscrypt.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-02-13.
-
Backups of ALL customer vault data, including encrypted passwords and decrypted authenticator seeds, exfiltrated in 2022 LastPass breach, You will need to regenerate OTP KEYS for all services and if you have a weak master password or low iteration count, you will need to change all of your passwords
Not compared to a more modern password hashing function like bscrypt or Argon2. PBKDF2 with 100k iterations is actually rather low for current recommendations. And it's not memory-hard, which makes it possible to use GPUs to speed up cracking dramatically.
-
So I created a custom KDF. Bad idea?
Regarding cache-hard KDFs, check out Argon2ds, Pufferfish2, hmac-bcrypt, and bscrypt.
-
On PBKDF2 iterations
bscrypt looks like a better alternative nowadays https://github.com/Sc00bz/bscrypt
-
On PBKDF2 Iterations
Argon2 requires a ton of RAM, that servers could use for more interesting things.
bscrypt looks like a better alternative nowadays: https://github.com/Sc00bz/bscrypt
- Bscrypt – A cache hard password hash/KDF
What are some alternatives?
When comparing Argon2 and bscrypt you can also consider the following projects:
pufferfish - Pufferfish2 password hashing scheme
hmac-bcrypt - The hmac-bcrypt password hashing function
postgresql-simple-sop
containers-unicode-symbols - Unicode alternatives for common functions and operators
aeson-json-ast - Integration layer for "json-ast" and "aeson"
load-balancing
infernu - Type inference and checking for a safer JavaScript.
lrucaching - Haskell implementation of an LRU cache
aeson-serialize - Functions for serializing a type that is an instance of ToJSON
google-oauth2 - Google OAuth2 token negotiation