The Password Hashing Competition: Motivation, Challenges, and Organization

The Password Hashing Competition brings together leading experts from the password cracking scene, cryptographers and software engineers from academia, and NIST to develop the password hashing methods of the future.

Passwords are hashed everywhere: operating systems, smartphones, web services, disk encryption tools, etc. Hashing passwords mitigates the impact of a compromised database by forcing attackers to brute force passwords. Brute force is easier when the hash function is not "salted", is fast to evaluate, and is easy to run as multiple parallel instances on GPUs or multi-core systems.

However, existing solutions are not satisfactory, and the vast majority of systems rely on weak hashes (cf. leaks from Sony, LinkedIn, or more recently Evernote). After a brief introduction to the problem and to previous attempts at a solution, this talk presents a roadmap towards new, improved hashing methods, as desired by a number of parties (from industry and standardization organizations).
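The three weaknesses named above (no salt, fast evaluation, cheap parallel instances) can be seen by storing the same accounts two ways. This is an added example, not material from the talk: it assumes Python's standard `hashlib.scrypt` as a stand-in for a salted, memory-hard hash, and the account names, passwords and cost parameters are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; two users happen to share a password.
ACCOUNTS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor&3"}

# Assumed demo cost parameters: scrypt needs about 128 * N * R bytes (4 MiB here),
# which is what makes many parallel instances on a GPU expensive.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**12, 8, 1

def weak_hash(password):
    """Unsalted, fast hash: equal passwords always give equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()

def strong_hash(password, salt=None):
    """Salted, memory-hard hash; returns (salt, digest) for storage."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt, digest

def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = strong_hash(password, salt)
    return hmac.compare_digest(digest, expected)

def accounts_sharing_a_record(table):
    """Number of accounts whose stored record is identical to another account's.
    Each such group falls to a single guess once the database leaks."""
    counts = Counter(table.values())
    return sum(n for n in counts.values() if n > 1)

def build_tables():
    """Store every account once with each scheme."""
    weak = {user: weak_hash(pw) for user, pw in ACCOUNTS.items()}
    strong = {user: strong_hash(pw) for user, pw in ACCOUNTS.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted SHA-256, accounts sharing a digest:", accounts_sharing_a_record(weak))
    print("salted scrypt, accounts sharing a record:  ", accounts_sharing_a_record(strong))
```

Raising `SCRYPT_N` increases both the time and the memory each guess costs, for the defender's single verification and for every candidate an attacker tries.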
