The Password Hashing Competition was an open competition announced in 2013 to select one or more password hash functions that can be recognized as a recommended standard. It was modeled after the successful Advanced Encryption Standard process and NIST hash function competition, but directly organized by cryptographers and security practitioners. On 20 July 2015, Argon2 was selected as the final PHC winner, with special recognition given to four other password hashing schemes: Catena, Lyra2, yescrypt and Makwa.[1]
One goal of the Password Hashing Competition was to raise awareness of the need for strong password hash algorithms, hopefully avoiding a repeat of previous password breaches involving weak or no hashing, such as the ones involving RockYou (2009), JIRA, Gawker (2010), PlayStation Network outage, Battlefield Heroes (2011), eHarmony, LinkedIn, Adobe, ASUS, South Carolina Department of Revenue (2012), Evernote, Ubuntu Forums (2013), etc.[2][3][4][5][6]
The organizers were in contact with NIST, expecting an impact on its recommendations.[7]
See also
editReferences
edit- ^ "Password Hashing Competition"
- ^ Danielle Walker. "Black Hat: Crackable algorithms prompt need for improved password hashing". 2013.
- ^ Antone Gonsalves. "Password hashing competition aims to beef up security". 2013.
- ^ Antone Gonsalves. "Contest aims to boost state of password encryption". 2013.
- ^ Antone Gonsalves. "Auckland Uni scientist judge in password contest". 2013.
- ^ Jean-Philippe Aumasson. "The Password Hashing Competition: Motivation, Challenges, and Organization". 2013.
- ^ Dennis Fisher. "Cryptographers aim to find new password hashing algorithm". 2013.