Activeloop (YC S18) Is Hiring Senior Back End and AI Search Engineers(Onsite, MV) (careers.activeloop.ai)

I'm evaluating Rust password hashing functions, specifically Argon2, scrypt, PBKDF2. I'm using the RustCrypto open source implementations. I have three simple demos in case you want to try these yourself:

* https://github.com/joelparkerhenderson/demo-rust-argon2

* https://github.com/joelparkerhenderson/demo-rust-scrypt

* https://github.com/joelparkerhenderson/demo-rust-pbkdf2

I'm seeking advice please, such as pros and cons. The context is medical software where hashing is on generally modern machines. I'm aware of the OWASP recommendations which seem broadly helpful. Thanks!

Comments (3)

cpach · 17h ago

'tptacek has written about this earlier on HN. See https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

For comparison, see also the section named Password handling in Cryptographic Right Answers: Post Quantum Edition https://www.latacora.com/blog/2024/07/29/crypto-right-answer...

stop50 · 1d ago

The first two are good enough, but shouldn't be the only protection. In general salts (adding an per password random string to the raw password) and pepper(addding an random string that is shared across the application) should be added.

Pbkdf2 is quite old and has an attack vector from ASICs and FPGA, but is still quite widespread for applications and protocols.

dandelion9 · 19h ago

Of those, scrypt or argon2id. PBKDF2 is for FIPS compliance.

Shaped (YC W22) Is Hiring (ycombinator.com)

Spice Data (YC S19) is hiring a software engineer – back end (ycombinator.com)

Onlook (YC W25) Is Hiring an engineer in SF

OneText (YC W23) Is Hiring a DevOps/DBA Lead Engineer (jobs.ashbyhq.com)

Gander (YC F24) Is Hiring Founding Engineers and Interns (ycombinator.com)

Ziina (YC W21) the Series A fintech is hiring product engineers (ziina.notion.site)

Onyx (YC W24) – AI Assistants for Work Hiring Founding AE (ycombinator.com)

Great Question (YC W21) Is Hiring a Director of Customer Success (ycombinator.com)

Deepnote (YC S19) is hiring engineers to build an AI-powered data notebook (deepnote.com)

Converge (YC S23) Well-capitalized New York startup seeks product developers (runconverge.com)

CircuitHub (YC W12) is hiring full-stack robotics engineers (workatastartup.com)

AtoB (YC S20) – Stripe for Transportation – is hiring engineers (jobs.ashbyhq.com)

PromptArmor (YC W24) Is Hiring in San Francisco (ycombinator.com)

Depot (YC W23) is hiring an enterprise support engineer (UK/EU) (ycombinator.com)

Patched (YC S24) Is Hiring SWEs in Singapore (ycombinator.com)

Activeloop (YC S18) Is Hiring Senior Back End and AI Search Engineers(Onsite, MV) (careers.activeloop.ai)

Morph (YC S23) Is Hiring a ML Engineer

Spark AI (YC W24) Is Hiring a Full Stack Engineer in San Francisco (ycombinator.com)

Demodesk (YC W19) Is Hiring Rails Engineers (demodesk.com)

Piramidal (YC W24) Is Hiring a Senior Full Stack Engineer (ycombinator.com)

AccessOwl (YC S22) is hiring an AI TypeScript Engineer to connect 100s of SaaS (ycombinator.com)

StackAI (YC W23) Is Looking for SWR and Tailwind Wizards (ycombinator.com)

Weave (YC W25) is hiring a founding engineer (ycombinator.com)

Infisical (YC W23) Is Hiring Full Stack Engineers (TypeScript) in US and Canada (ycombinator.com)

GoGoGrandparent (YC S16) is hiring Back end Engineers

Roundtable (YC S23) Is Hiring a Member of Technical Staff (ycombinator.com)

Diligent (YC S23) Is Hiring a Founding AI Engineer (ycombinator.com)

Venta AI (YC S23) is hiring a full stack engineer in Amsterdam (ycombinator.com)

Martin (YC S23) Is Hiring Founding AI/Product Engineers to Build a Better Siri (ycombinator.com)

Trellis (YC W24) Is Hiring founding SDR to help automate healthcare paperwork (ycombinator.com)

Sorcerer (YC S24) Is Hiring a Lead Hardware Design Engineer (jobs.ashbyhq.com)

Rust password hashing functions: Argon2, scrypt, PBKDF2

Comments (3)