Open competition to select password hash functions
The Password Hashing Competition was an open competition announced in 2013 to select one or more password hash functions that can be recognized as a recommended standard. It was modeled after the successful Advanced Encryption Standard process and NIST hash function competition, but directly organized by cryptographers and security practitioners. On 20 July 2015, Argon2 was selected as the final PHC winner, with special recognition given to four other password hashing schemes: Catena, Lyra2, yescrypt and Makwa.[1]
One goal of the Password Hashing Competition was to raise awareness of the need for strong password hash algorithms, hopefully avoiding a repeat of previous password breaches involving weak or no hashing, such as the ones involving
RockYou (2009),
JIRA,
Gawker (2010),
PlayStation Network outage,
Battlefield Heroes (2011),
eHarmony,
LinkedIn,
Adobe,
ASUS,
South Carolina Department of Revenue (2012),
Evernote,
Ubuntu Forums (2013),
etc.[2][3][4][5][6]
The organizers were in contact with NIST, expecting an impact on its recommendations.[7]
^"Password Hashing Competition"
^
Danielle Walker.
"Black Hat: Crackable algorithms prompt need for improved password hashing".
2013.
^
Antone Gonsalves.
"Password hashing competition aims to beef up security".
2013.
^
Antone Gonsalves.
"Contest aims to boost state of password encryption".
2013.
^
Antone Gonsalves.
"Auckland Uni scientist judge in password contest".
2013.
^
Jean-Philippe Aumasson.
"The Password Hashing Competition: Motivation, Challenges, and Organization".
2013.
^
Dennis Fisher.
"Cryptographers aim to find new password hashing algorithm".
2013.
and 24 Related for: Password Hashing Competition information
The PasswordHashingCompetition was an open competition announced in 2013 to select one or more passwordhash functions that can be recognized as a recommended...
In 2013 a PasswordHashingCompetition was announced to choose a new, standard algorithm for passwordhashing. On 20 July 2015 the competition ended and...
circuits. In 2013 a long-term PasswordHashingCompetition was announced to choose a new, standard algorithm for passwordhashing, with Argon2 chosen as the...
other passwordhashing schemes: Catena, Lyra2, yescrypt and Makwa. Another alternative is Balloon hashing, which is recommended in NIST password guidelines...
derivation function that was selected as the winner of the 2015 PasswordHashingCompetition. It was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich...
bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999. Besides...
than SHA-512. It is based on Scrypt. Lyra2 PasswordHashingCompetition "Changes/yescrypt as default hashing method for shadow". Retrieved 2023-10-10....
user is hashed and compared with the stored hash. A password reset method is required when passwordhashing is performed; original passwords cannot be...
highly parallel hardware to speed up key testing. In 2013, a PasswordHashingCompetition was held to select an improved key stretching standard that would...
SHA-3: A hash function formerly called Keccak, chosen in 2012 after a public competition among non-NSA designers. It supports the same hash lengths as...
the Secure Hash Standard. The NIST competition has inspired other competitions such as the PasswordHashingCompetition. Submissions were due October 31...
software portal Argon2 – winner of the PasswordHashingCompetition in 2015 bcrypt – blowfish-based password-hashing function bcrypt – blowfish-based cross-platform...
Balloon hashing is a key derivation function presenting proven memory-hard password-hashing and modern design. It was created by Dan Boneh, Henry Corrigan-Gibbs...
used content management systems were reported to still use MD5 for passwordhashing. In 1996, a flaw was found in the design of MD5. While it was not deemed...
the above picture hash 0 is the result of hashing the concatenation of hash 0-0 and hash 0-1. That is, hash 0 = hash( hash 0-0 + hash 0-1 ) where "+" denotes...
means he knows the internal state of the hashing function at that point. It is then trivial to initialize a hashing algorithm at that point, input the last...
of HMAC in password-hashing scenarios: it has been demonstrated that it's possible to find a long ASCII string and a random value whose hash will be also...
different hashing primitive (SHA-1 and SHA-2) then XORed together to output the MAC. Universal hashing and in particular pairwise independent hash functions...
to compute the hashes using a key derivation function that adds a "salt" to each password before hashing it, with different passwords receiving different...
Kline, Robert. "Closed Hashing". CSC241 Data Structures and Algorithms. West Chester University. Retrieved 2022-04-06. "Open hashing or separate chaining"...
thief will only have the hash values, not the passwords. However most users choose passwords in predictable ways and often passwords are short enough so that...
plaintext of user passwords, an access control system stores a hash of the password. When a user requests access, the password they submit is hashed and compared...
a passwordhashing scheme (PHS) that can also work as a key derivation function (KDF). It received a special recognition during the PasswordHashing Competition...