Are there more modern password hashing methods than bcrypt and scrypt

This question taught me to be start thinking about password hashing yet again. I currently use bcrypt (exclusively py bcrypt). I've heard a lot with regards to PBKDF2, and scrypt.

What I'm wondering is that there are any "more modern" password hashing techniques that I might not know about (since they are new, so people don't mention them as much), or maybe various other methods I don't know about.

After which it going on from there, which one must i use? Cheap Uggs Uk Online Most people seem to highly recommend bcrypt, but I wonder if that's although it's old (read: well-known). scrypt seems better (variable level of memory usage). I don't know a lot about PBKDF2.

So if I was creating a user management scheme, that of these should I use? Or maybe should I use something completely different?

In cryptography, "new" is not synonymous for you to "good". That bcrypt is twelve years old (12 years. is that truly "old" ?) just means that it sustained A dozen years of public exposure plus wide usage without being busted, so it must be quite effective. By definition, a Longchamp Le Pliage Folding Tote Bilberry "newer" method are not able to boast as much. As a cryptographer, I would say that 12 years old is the right age, and everything younger than, say, Several years, is definitely "too young" for general deployment (of course, these estimates be determined by how much exposure the algorithm got; an early, wide use, although risky for those who plan to deploy, will go a long way toward building confidence in security or revealing weaknesses for an early stage).

Scrypt is much newer than bcrypt; it dates from The year just gone. The idea is quite smart. Such as, slow password processing is supposed to make Barbour Leather Jacket Ebay dictionary attacks And times more expensive for the assailant, while implying that normal control is N' times higher in price for the honest systems. To correct that, scrypt Parajumpers Jackets Men relies on an algorithm which often requires quite some RAM, due to the fact fast access RAM is the niche of the PC, and a aching point of ASIC design.

For realistic usage now, I recommend bcrypt.

Scrypt notwithstanding, current research on the idea of password processing is more about specialized transforms that allow a lot more than mere password verification. For instance, the SRP protocol allows for some sort of cryptographic key agreement with shared password based authentication, and also resilient to dictionary episodes (even in the case of an attacker actively impersonating the client or the hosting server); this calls for a bit of mathematical framework, and the password hashing in SRP consists of modular exponentiation.

• http://www.sebalo.info/spip/spip.php?article13
• http://lab.nqnwebs.com/lavoz_bak/spip.php?article13211/
• http://metransparent.nfrance.com/~k1001/spip.php?article5808&lang=ar&id_forum=6858/
• http://www.middleeasttransparent.com/spip.php?article19890&lang=ar&id_forum=32856/
• http://www.teseracto.net/index.php/en/forum/newtopic