yescrypt cryptographic security Cryptographic security (collision resistance, preimage and second preimage resistance) is based on that of SHA-256, HMAC, and PBKDF2 The rest of processing, while crucial for increasing the cost of password cracking attacks, may be considered non-cryptographic There are entropy bypasses to final PBKDF2 step for both password and salt inputs For comparison, scrypt has such entropy bypass for the password input only The known unfortunate peculiarities of HMAC and PBKDF2 are fully avoided in the way these primitives are used yescrypt native mode is immune from this scrypt curiosity that could raise some hairs: scrypt(PBKDF2-HMAC-SHA256-fail-affects-scrypt-no-security-issue-bGoDFpr8) = = scrypt(;`B3nR6wQ2-_LSg"mH #yszm`[#z8B&L) for any salt, N, r, p