Hi Antonio, thanks for stopping by!
I didn’t “omit” Argon2: this post was posted to Medium in June 2015 but it was originally posted to my personal blog (at mpreziu.so - now a redirect to Medium) in March 2015.
Argon2 won the PHC competition in July 2015, so that’s one reason. :)
Would I write about Argon2 today? Pretty surely.
Would I recommend it? Hmmm probably not *yet*.
While I like its design and it has been designed to have a better side-channel resistance than scrypt and in general to be better than the current algorithms (why attempt to write a worse one?! :) ) I think it’s a bit premature to run and rewrite our implementations to use it instead of (b|s)crypt.
As far as I know there are two papers that show some vulnerabilities in the 2i version of Argon2; while they don’t seem particularly severe and while one of them has also been fixed, they remind us that novelty - while being exciting - can be a dangerous thing in cryptography.
“Given enough eyeballs, all bugs are shallow” — Linus Tovarlds
Argon2 has been around for a year and 3 months now, how many people have actually looked into it? - That’s why I wouldn’t recommend it *yet*.