>>>>> "Christoph" == Christoph Anton Mitterer <[email protected]> writes:

    Christoph> Wouldn't it then be a better choice to wait for the
    Christoph> availability of argon2?

    Christoph> Not that'd I'd have any insight on whether yescrypt is
    Christoph> much worse, but Argon2 is simply the winner and will
    Christoph> probably receive the most scrutiny over the years. So it
    Christoph> would seem like the wisest long term choice - just like
    Christoph> most people use Rijndael/AES and not so much the other
    Christoph> AES finalists.

No, what we had was not so good, and Yescrypt is reduced to a compelling
security proof.
I think the amount of analysis that various things are getting is a
factor we can consider.
I don't have any objection to moving to Argon2 once it's available, I
just don't  know today that it will be critical to do so.


Amusingly enough, Debian openssh does not actually use AES for
encryption these days.
For a while AES really did have close to 100% of the responsible cipher
market despite its side channel issues.
These days, you'll still see Ipsec using AES, but the ssh community is
more likely to prefer something non-NIST-based probably still as fallout
from DRB plus a desire to have a wider crypto ecosystem.

Reply via email to