Cryptography

SHA2 vs SHA3 vs PBKDF2 vs bcrypt vs SCrypt vs Argon2: Which to choose for password storage?

Easy
15 min

Which one to choose for saving your password?

Old-fashioned hash functions, such as MD5 or SHA1, are nowadays unsuitable for most purposes.

However, there is still a plethora of modern options, such as SHA2, SHA3, PBKDF2, bcrypt, SCrypt, and Argon2. Which one of these should be chosen for storing an application's user passwords?

We can start by dropping the SHA2 and SHA3 hash functions. They are designed to be fast and efficient general-purpose hash functions, not to protect passwords: speed is exactly what an attacker guessing passwords wants.

Functions like PBKDF2, bcrypt, SCrypt, and Argon2, on the other hand, are built for secure password storage, but there are still differences in performance, security, and suitability for various use cases. Let's compare these four algorithms.

PBKDF2 (Password-Based Key Derivation Function 2)

PBKDF2 is one of the oldest and most widely used algorithms. It protects passwords by applying a hash function thousands or even millions of times, which multiplies the time needed to crack a password. The advantages of PBKDF2 include its widespread acceptance and standardization (RFC 2898), making it compatible with a variety of systems.

Use cases

  • Deriving cryptographic keys from passwords
  • Environments requiring standardized solutions

Example case

A financial company has an older system designed to use less secure hashing functions such as MD5 or SHA-1 to store user passwords. The company wants to update its system to use a more secure password hashing method without having to overhaul its entire system.

Choice: PBKDF2 is a good choice for this situation, as it is widely supported and standardized, making it compatible with older systems. PBKDF2 also allows for adjusting the number of iterations, which can improve security without significant changes to the system architecture.
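As an added example (not code from the course), a stdlib-only Python sketch of the "adjust the number of iterations over time" pattern from the case above: each stored record carries its own iteration count, and a login that verifies against an old record transparently re-hashes it at the current policy. The record format and the CURRENT_ITERATIONS value are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Policy value (assumed for this example): the iteration count every stored
# record should have today. Raising it later is how the cost is "adjusted".
CURRENT_ITERATIONS = 600_000
HASH_NAME = "sha256"


def hash_password(password: str, iterations: int = CURRENT_ITERATIONS) -> str:
    """Return a self-describing record "pbkdf2_<hash>$<iterations>$<salt>$<dk>" (hex)."""
    salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations, dklen=32)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute using the parameters stored in the record; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    hash_name = algo.split("_", 1)[1]
    dk = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations), dklen=len(dk_hex) // 2)
    return hmac.compare_digest(dk.hex(), dk_hex)


def needs_rehash(record: str) -> bool:
    """True when the record uses a weaker hash or fewer iterations than today's policy."""
    algo, iterations, _salt, _dk = record.split("$")
    return algo != f"pbkdf2_{HASH_NAME}" or int(iterations) < CURRENT_ITERATIONS


def login(password: str, record: str):
    """Verify the password; on success, upgrade an out-of-policy record.
    Returns (ok, record_to_store); the caller persists the returned record."""
    if not verify_password(password, record):
        return False, record
    if needs_rehash(record):
        return True, hash_password(password)  # same password, current cost
    return True, record


if __name__ == "__main__":
    # Constructed legacy record: hashed years ago with only 10_000 iterations.
    legacy = hash_password("correct horse battery staple", iterations=10_000)
    ok, upgraded = login("correct horse battery staple", legacy)
    print(ok, needs_rehash(legacy), needs_rehash(upgraded))  # True True False
```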

bcrypt

bcrypt is based on the Blowfish encryption algorithm and is designed specifically for protecting passwords. Its main feature is the ability to adjust the level of computational complexity, allowing for strengthening of protection over time. bcrypt is popular in web applications due to its efficient salting (adding randomness to the password) and reasonable resistance against brute-force attacks.

Use cases

  • Storage of web application passwords
  • Systems that require strong cryptographic protection of stored passwords

Example case

A startup company is developing a new social media platform and wants to ensure that users' passwords are protected with modern security practices. It is also important that password handling is efficient to maintain a smooth user experience.

Choice: bcrypt is the ideal choice in this scenario because it provides strong protection against brute-force attacks and is specifically designed to protect passwords. Its built-in salting and adjustable computational complexity provide a good balance between security and performance.

SCrypt

SCrypt is designed specifically to resist hardware-based attacks, such as ASIC and FPGA circuits, which can quickly break passwords. It achieves this by requiring significant amounts of both processing power and memory, making it an effective defense mechanism against both online and offline attacks.

Use cases

  • Systems that are particularly vulnerable to brute-force attacks
  • Applications with a lot of available memory resources

Example case

A cryptocurrency project is designing a new digital wallet that stores users' private keys. The project's goal is to protect these keys as securely as possible and to effectively prevent offline attacks.

Choice: In this case SCrypt is recommended, because its memory-intensive approach makes it difficult to attack with specialized hardware such as ASIC circuits. This increases security especially when an attacker has physical access to the device.
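As an added example (not course code), a stdlib-only Python sketch of sizing SCrypt's memory cost for the case above: the memory formula behind the "memory-intensive approach", a helper that picks the largest N fitting a RAM budget, and a derivation via hashlib.scrypt with the maxmem cap that OpenSSL otherwise applies. Function names and the salt value are constructed for illustration.

```python
import hashlib


def scrypt_memory_bytes(n: int, r: int, p: int = 1) -> int:
    """Working memory scrypt needs for (N, r, p): the large V table is
    128*r*N bytes, plus 128*r*p for the mixing buffer. Doubling N doubles
    the memory, which is what makes ASIC/FPGA cracking rigs expensive."""
    return 128 * r * n + 128 * r * p


def largest_n_for_budget(budget_bytes: int, r: int = 8, p: int = 1) -> int:
    """Largest power-of-two N whose memory cost fits a per-derivation RAM budget."""
    n = 2
    while scrypt_memory_bytes(n * 2, r, p) <= budget_bytes:
        n *= 2
    return n


def scrypt_hash(password: str, salt: bytes, n: int = 2**14, r: int = 8, p: int = 1) -> bytes:
    """Derive a 32-byte key with hashlib.scrypt (OpenSSL-backed).
    OpenSSL refuses to run when the required memory exceeds maxmem, whose
    default is 32 MiB, so anything above N=2**14, r=8 needs an explicit
    maxmem; here it is derived from the parameters with 2x headroom."""
    if n < 2 or n & (n - 1):
        raise ValueError("N must be a power of two greater than 1")
    maxmem = 2 * scrypt_memory_bytes(n, r, p)
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=maxmem, dklen=32)


if __name__ == "__main__":
    for n in (2**14, 2**15, 2**16, 2**17):
        print(f"N=2**{n.bit_length() - 1} r=8 -> {scrypt_memory_bytes(n, 8) / 2**20:.0f} MiB per guess")
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed; use os.urandom(16) for real
    n = largest_n_for_budget(128 * 2**20)  # 128 MiB available per login -> N=2**16
    print(n, scrypt_hash("correct horse battery staple", salt, n=n).hex())
```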

Argon2

Argon2 is the latest and most advanced algorithm in this comparison. It offers three variants (Argon2d, Argon2i, and Argon2id) designed for different security requirements. Argon2 is designed to be both memory-intensive and time-intensive, providing the best protection against modern attack methods.

Use cases

  • Applications that require the highest possible level of security
  • Systems that can leverage memory-intensive protection

Example case

A cloud service provider is developing a new secure storage platform that allows users to store sensitive information such as personal data and financial information. Security is a key selling point of the service.

Choice: Argon2, especially its Argon2id variant, is the best option in this situation. It provides the best protection against current types of attacks, including side-channel attacks and brute-force attacks. Argon2id combines the advantages of Argon2i and Argon2d, providing a flexible and strong solution that is particularly well suited for new security-critical applications.

Which one to choose?

PBKDF2, bcrypt, SCrypt and Argon2 are all quite secure options for protecting passwords. Here are some pointers on when to choose which one. For a regular web application, bcrypt is a suitable option; Hakatemia itself uses it, for example.

SHA2 and SHA3 are suitable for contexts where speed is not a disadvantage (and usually an advantage), such as digital signatures.

Rule of thumb

PBKDF2, bcrypt, SCrypt and Argon2 for passwords; SHA2 or SHA3 for everything else. bcrypt is a good and widely used choice for a basic application; Hakatemia uses it, for example.
