Password Hashing PBKDF2 vs Argon2

mikymora · October 8, 2018, 11:28pm

I was reading about password hashing and came across this
What is the most reliable, safe and efficient password hashing algorithm as of 2018?

if Argon2 is the best and most secure password hashing method, then why is Discourse using PBKDF2?
or am i missing something.

codinghorror · October 8, 2018, 11:39pm

It takes a while for new hashing methods to be proven safe and reliable.

We do have a longer term todo to add a hash version so we can increase difficulty here in the future.

See: Hacker, Hack Thyself

mikymora · October 9, 2018, 12:02am

That’s a nice explenation thank you,
I was just curious because in a other post i found that PBKDF2 came in the last position
How to Safely Store Your Users’ Passwords

Argon2 , the Password Hashing Competition winner.
bcrypt
scrypt
The other Password Hashing Competition finalists ( Catena , Lyra2 , Makwa , and yescrypt )
PBKDF2 (nearly everyone except FIPS agrees PBKDF2 is the worst of the acceptable options but is still acceptable)

but thats probably outdated now.

codinghorror · October 9, 2018, 12:05am

It depends how many iterations you use. “Worst” is relative, you must know the number of iterations in use. Otherwise you are literally comparing s and s

Topic		Replies	Views
What hashing algorithm is used in discourse for hashing passwords? Support	3	2607	June 8, 2024
Using Discourse as an account provider and PBKDF2 problems Dev	10	509	January 6, 2024
Is there a way to manually locate user's passwords? Support	23	4989	October 19, 2021
Update Password Encryption Method Dev	6	63	July 16, 2024
Password hash algorithm Dev	9	1676	May 14, 2021

Password Hashing PBKDF2 vs Argon2

Related Topics