bcrypt (the password hashing function built on the Blowfish cipher, which is why so many people simply call it "BlowFish") will inevitably, at some point in your near future, become the most important word in your life as a software developer. The reason is simple: the only thing governments know how to do is legislate, regulate, and restrict. As they realize that the GDPR only addressed the tip of the iceberg, they will start digging deeper, looking for more ways to protect their constituents from other malicious activities online. At which point bcrypt, or something equivalent to it, will be shoved down your throat as a software vendor, whether you like it or not.

bcrypt allows us to store our users' passwords securely, and no, a general-purpose hashing algorithm does not do that. bcrypt has some special characteristics which imply that, when combined with an individual (per-user) salt, building a precomputed dictionary or rainbow table becomes useless, and brute forcing the passwords becomes impractical. The reason is that it is slow, deliberately so, and its slowness is tunable through a cost factor: every increment of the cost doubles the work needed for a single guess, so you can keep raising it as hardware gets faster. It is so slow that for a computer to generate trillions of bcrypt values, each one a random guess combined with a random salt, becomes economically infeasible, even for the NSA's and the CIA's super computers. Which of course is its purpose. Note that "impractical" is the right word, not "impossible": a weak password ("123456") is still found quickly with any algorithm, because the attacker only needs a handful of guesses. What bcrypt buys you is that every guess costs real time, for every single user, separately.

With an ordinary hashing algorithm, the main feature is that it is fast. This allows a computer to generate trillions of hash values in minutes, letting it "guess" your users' passwords, even though you have done your best to hide them as hashed values in your database. Worse, without a per-user salt, the same password always produces the same hash, so an attacker can compute a table of hashes for common passwords once and then reverse every leaked database he ever gets hold of with a simple lookup. Once they have the password for your little app, regardless of what it is, ranging from a "puppy counting games website" to your internet banking system, they'll also (probably) have your passwords for most other websites too, including any public website, allowing them to impersonate you in front of your government. That removes all ability to hold anyone accountable for anything done in your name, effectively resulting in anarchy, simply because most people use the same passwords on most of their sites.
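To make the two paragraphs above concrete, here is an added example, not code from the original post or from Magic. It uses only the Python standard library, so PBKDF2-HMAC-SHA256 (hashlib.pbkdf2_hmac) stands in for bcrypt as the slow, salted hash; the mechanism being demonstrated (per-user random salt plus a tunable work factor) is the same one bcrypt uses, and the stored-string format, the password list and the user names are all constructed for the example. The first half shows how a fast, unsalted hash is reversed with a precomputed lookup table; the second half shows why the same table is worthless against a salted, slow hash, and how verification and "rehash when the cost is too low" look in practice.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Constructed sample data: a small "leaked" list of common passwords,
# exactly what an attacker starts from.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "puppy2019"]


# ---------- The weak way: fast, unsalted hash ----------

def fast_hash(password: str) -> str:
    """Unsalted SHA-256, what a 'we hash our passwords' database often contains."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup_table(candidates: Iterable[str]) -> Dict[str, str]:
    """Attacker precomputes hash -> plaintext ONCE; it then reverses any leaked
    unsalted hash, from any site, with a dictionary lookup."""
    return {fast_hash(p): p for p in candidates}


def crack_fast_hash(leaked_hash: str, table: Dict[str, str]) -> Optional[str]:
    return table.get(leaked_hash)


# ---------- The bcrypt way (PBKDF2 standing in): slow + per-user salt ----------

# Work factor. bcrypt expresses the same knob as 2**cost rounds; here it is a
# plain iteration count. Raise it over the years as hardware gets faster.
ITERATIONS = 100_000


def slow_salted_hash(password: str, iterations: int = ITERATIONS) -> str:
    """Hash with a fresh random salt. The salt and the cost are stored next to
    the digest, just like bcrypt's "$2b$12$<salt><hash>" string does, so the
    cost can be raised later without a flag day."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and cost; compare in constant time."""
    _, iters, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(stored: str, current_iterations: int = ITERATIONS) -> bool:
    """True if the record was hashed with a lower cost than we require today.
    Call this after a successful login and re-hash with the new cost."""
    return int(stored.split("$")[1]) < current_iterations


def table_cracks(stored: str, table: Dict[str, str]) -> Optional[str]:
    """The attacker's precomputed table applied to a salted record: the digest
    was computed over salt+password, so it never appears in the table."""
    return table.get(stored.split("$")[3])


def guesses_needed(n_candidates: int, n_users: int, salted: bool) -> int:
    """Number of hash computations an attacker needs to test every candidate
    against every user. Unsalted: one table serves all users. Salted: every
    (user, candidate) pair must be recomputed, and each one is slow."""
    return n_candidates if not salted else n_candidates * n_users


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    print("unsalted SHA-256 of 'letmein' cracked as:",
          crack_fast_hash(fast_hash("letmein"), table))

    alice = slow_salted_hash("letmein")   # two users, same password...
    bob = slow_salted_hash("letmein")
    print("same password, different records:", alice != bob)
    print("table against salted record:", table_cracks(alice, table))
    print("login ok:", verify("letmein", alice), "| wrong pw:", verify("letmeout", alice))
```

Two things worth noticing when you run it: the two records for the same password differ, so a leak of one user's hash tells the attacker nothing about the other, and `needs_rehash` is what lets you turn the cost up in production later, which is the whole point of storing the cost alongside the digest. In a real .NET application you would use an actual bcrypt implementation rather than this stand-in; the storage format, the constant-time comparison and the rehash-on-login pattern carry over unchanged.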

Hence, at some point in the future, even stupid governments, which know about as much about software development as a kitten knows about rocket science, will be forced to create legislation, shoving it down software development companies' throats and forcing them to implement it. So there is no reason to wait for that to happen. You might as well implement bcrypt today, before it becomes a problem for you ...

FYI, Magic (of course) stores its passwords as bcrypt hashes, with individual salts, making brute forcing the passwords impractical. Just sayin' ... 😉

How many seconds do you need to secure your app’s passwords …?

Published by servergardens
