Re: argon2 PasswordHasher

2016-01-29 Thread Bas Westerbaan
Hi Marc, To be clear, I think we shouldn't make Argon2 the default just yet. I would rather add it as an option for now and make it the default in a later release. However, I would like to discuss what would block making Argon2 the default already. > It is once per user, but it's once for *EVE

Re: argon2 PasswordHasher

2016-01-29 Thread Bas Westerbaan
I may not understand the security implications here properly, but as far as I can tell there isn't a strong enough case that Argon2 is fundamentally better than PBKDF2 yet? Barring any weakness in Blake2 we do not know about, Argon2 is way better than PBKDF2 as it is memory-hard.  The gap between SH

Re: argon2 PasswordHasher

2016-01-29 Thread Bas Westerbaan
as default, it can still verify. > On 03 Jan 2016, at 14:52, Bas Westerbaan wrote: > > Hynek weighed in[1]. I think the PR is ready to merge. > > Best wishes, > > Bas > > > [1] https://github.com/django/django/pull/5876#issuecomment-168411156 > <h

Re: argon2 PasswordHasher

2016-01-03 Thread Bas Westerbaan
> include it. It would be great if you could get feedback from dstufft and/or > hynek in #cryptography-dev -- not that we miss something. > > Cheers, > Florian > > On Sunday, December 27, 2015 at 12:36:02 AM UTC+1, Bas Westerbaan wrote: > Hello, > > This morning I su

argon2 PasswordHasher

2015-12-26 Thread Bas Westerbaan
Hello, This morning I submitted a Pull Request[1], which adds a PasswordHasher for argon2 – the winner of the Password Hashing Competition.[2] Tim Graham mentioned I should send an e-mail to this list to discuss it. The patch is mostly pretty straightforward. I would like to add a few remar