Password Hashing Competition

From Wikipedia, the free encyclopedia
Jump to: navigation, search

The Password Hashing Competition was an open competition announced in 2013 to select one or more password hash functions that can be recognized as a recommended standard. It was modeled after the successful Advanced Encryption Standard process and NIST hash function competition. On 20 July 2015 Argon2 was selected as the final PHC winner, with special recognition given to four other password hashing schemes: Catena, Lyra2, yescrypt and Makwa.[1]

One goal of the Password Hashing Competition was to raise awareness of the need for strong password hash algorithms, hopefully avoiding a repeat of previous password breaches involving weak or no hashing, such as the ones involving RockYou (2009), JIRA (2010), Gawker (2010), PlayStation Network outage (2011), EHarmony (2012), 2012 LinkedIn hack, Battlefield Heroes (2011), Adobe (2012), Evernote 2013, ASUS (2012), South Carolina Department of Revenue (2012), Ubuntu Forums (2013), etc.[2][3][4][5][6]

In the wake of allegations that NSA forced NIST to standardize a pseudorandom number generator Dual EC DRBG containing a kleptographic backdoor, the competition was being run by a panel of cryptographers and security practitioners independent of NIST, in order to avoid even the appearance of a backdoored algorithm.[2][7]

External links[edit]

See also[edit]