I've read many articles about hashing algorithms. Their pros, their cons etc.
I think I have decided upon using the brcypt algorithm to hash my passwords with a unique per user salt.
The main reasons that I like it are :
- It's been out for a long time and as far as I'm aware there are no known issues with it.
- It was designed to be used for passwords and even includes 'salt' as a parameter.
- It is relatively slow (compared to other hashing algorithms) to create a hash thereby hindering brute force attacks and someone creating lookup and rainbow tables of passwords with the salt combined.
My only concern is that it has been out for a long time now. Should I still use it or should I move on to a new algorithm like Argon2, scrypt, SHA3 etc
Does anyone with better knowledge than myself have any insights as to whether I'm ok sticking with my Bcrypt decision or whether I should move on to a newer algorithm?