>>>>> "Christoph" == Christoph Anton Mitterer <cales...@scientia.net> writes:
Christoph> Hey. I'd guess that the long term plan is then to switch
Christoph> to Argon2?
Christoph> May I suggest in advance that this is then added to
Christoph> NEWS.Debian with the hint that people might perhaps want
Christoph> to re-set their passwords?
I don't know whether that's long-term plan or not.
yescrypt and argon2 seem to have similar security properties.
I'd need to dig more into the PHC report to figure out whether there's
enough of an advantage to do another switch.
I mean yeah, if argon2 was an option today I probably would have picked
it, because I'm kind of a fan of security standards given my
background:-)
I actually think release notes may be better than news.debian.
There are cases where news.debian entries get displayed to people on
upgrade, and for a package like pam that everyone has installed, that
seems like more of a big deal than is justified by this.
I'll go file a bug against release-notes.
--Sam
