Why’d you omit Argon2 from the list?
Antonio D'souza

Hi Antonio, thanks for stopping by!

I didn’t “omit” Argon2: this post was posted to Medium in June 2015 but it was originally posted to my personal blog (at mpreziu.so - now a redirect to Medium) in March 2015.

Argon2 won the PHC competition in July 2015, so that’s one reason. :)

Would I write about Argon2 today? Pretty surely. 
Would I recommend it? Hmmm probably not *yet*.

While I like its design and it has been designed to have a better side-channel resistance than scrypt and in general to be better than the current algorithms (why attempt to write a worse one?! :) ) I think it’s a bit premature to run and rewrite our implementations to use it instead of (b|s)crypt.

As far as I know there are two papers that show some vulnerabilities in the 2i version of Argon2; while they don’t seem particularly severe and while one of them has also been fixed, they remind us that novelty - while being exciting - can be a dangerous thing in cryptography.

“Given enough eyeballs, all bugs are shallow” — Linus Tovarlds

Argon2 has been around for a year and 3 months now, how many people have actually looked into it? - That’s why I wouldn’t recommend it *yet*.