Discover and read the best of Twitter Threads about #needsBenchmarks
Most recents (1)
I've been meaning to do a postmortem on the password hashing competition for probably over 2 years. I wanted optimized defender and attacker code for each algo. So we could make a good choice. We really needed to have an optimization competition with financial rewards.
Also if we auto submitted "pre and post hashed bcrypt" it probably would of made us go "oh shit 'memory hard' is not the way to go it's 'cache hard'". Since a better cache hard algo, like Pufferfish, is better for "≲2.5 second" runs than Argon2 (both tuned correctly).
Pufferfish isn't the best cache hard algo. It too closely aligned to bcrypt: it took the bad parts and didn't improve enough on the good parts. I realize this now after spending a fuck ton of time on "not bcrypt". Now "bs(crypt)" because "BS(PAKE)"… cause self deprecation FTW.
