On Wed, 7 Sep 2016, Andreas Bartelt wrote: > yes, due to the larger internal state of the blowfish algorithm which is > harder to efficiently realize in dedicated hardware. However, since bcrypt's > internal state effectively is of fixed size, scrypt would be an even better > option since it allows for a parameterization of this internal state. Is there > any interest in switching to scrypt in the context of password authentication > on OpenBSD?
no, its advantages aren't sufficient for the disruption IMO. We might consider whatever wins the shootout going on between balloon hashing and Argon2, but bcrypt has survived so incredibly well that we can afford to wait.
