In this work we provide an overview of the candidates of the Password Hashing Competition (PHC) regarding to their functionality, e.g., client-independent update and server relief, their security, e.g., memory-hardness and side-channel resistance, and its general properties, e.g., memory usage and underlying primitives. Furthermore, we introduce two kinds of attacks, called Garbage-Collector and Weak Garbage-Collector Attack, exploiting the memory handling of a candidate. The following overview considers all candidates which are not yet withdrawn from the competition.
↧