Argon2 Hasher: Memory-Hard Password Hashing
Hash passwords with Argon2 — the winner of the Password Hashing Competition — with tuning guide.
Tags: Argon2 password hasher, Argon2 hashing guide, password hashing Argon2
Argon2 is the winner of the Password Hashing Competition and the current OWASP first-choice algorithm for storing passwords. Its memory-hard design means that even if an attacker steals your password database, cracking it at scale requires enormous amounts of RAM, which makes GPU farms and ASICs dramatically less effective than they are against bcrypt or PBKDF2.

What Makes Argon2 Memory-Hard?

Traditional hash functions like SHA-256 can be evaluated in a fraction of a microsecond with almost no memory. GPUs can run billions of SHA-256 operations per second in parallel, making brute-force attacks on SHA-256-hashed passwords trivial. Argon2 forces each hash operation to fill a large region of memory (its size set by the memory-cost parameter, m) with pseudorandom data during…
Frequently Asked Questions
What is Argon2?
Argon2 is a memory-hard password hashing function that won the Password Hashing Competition (PHC) in 2015. It is standardized in RFC 9106 and is the OWASP first-choice recommendation for password storage because its memory requirements make GPU and ASIC-based brute-force attacks prohibitively expensive.
How do I use Argon2 for password hashing?
Use the Argon2id variant with at least 19 MiB of memory (m=19456, expressed in KiB), 2 iterations (t=2) and parallelism of 1 (p=1) as your baseline. In Python, use argon2-cffi; in Node.js use the argon2 package (argon2-browser is the WebAssembly build aimed at browsers). Always store the full encoded string, e.g. $argon2id$v=19$m=19456,t=2,p=1$<salt>$<hash>, which carries the variant, version, parameters and salt, so verification can reconstruct the same configuration and so you can detect hashes that were made under older, weaker parameters.
What are the Argon2 variants (i, d, id)?
Argon2d makes memory access data-dependent, which gives the strongest resistance to GPU and time-memory trade-off attacks but leaks information about the password through cache-timing side channels to an attacker sharing the hardware. Argon2i uses data-independent memory access, so it resists such side channels but is somewhat weaker against GPU attacks. Argon2id is the hybrid: it uses data-independent addressing for the first half of the first pass and data-dependent addressing for the remainder (RFC 9106). Use Argon2id for password hashing in virtually all cases.
How do I tune Argon2 parameters?
Start from the OWASP minimum (m=19456, t=2, p=1) and benchmark on the server that will actually run the hashing. Increase memory first, then time cost, until one hash takes approximately 500 ms to 1000 ms on that hardware; every millisecond you spend per hash is a millisecond an attacker must spend per guess. Keep the concurrency of your login path in mind: memory cost is paid per in-flight hash, so m multiplied by peak concurrent logins must fit comfortably in RAM or the hasher itself becomes a denial-of-service vector. Re-benchmark when upgrading hardware, and upgrade existing hashes opportunistically by checking their stored parameters at login and rehashing after a successful verification.
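The following is an added example, not code from the original article, that puts the two previous answers (storing the full encoded string, and tuning and upgrading parameters) into working Python. `PasswordHasher`, `verify` and `check_needs_rehash` are real argon2-cffi APIs; `parse_encoded`, `needs_rehash`, `benchmark` and `tune` are helpers written for this example. The hashing and benchmarking functions assume argon2-cffi is installed; the PHC-string parser and policy check are pure Python. The sample encoded strings are constructed placeholders with made-up salt and hash fields, not real Argon2 output.

```python
"""Argon2id hashing with a parameter policy, a rehash check and a tuning benchmark.

Added example for the article above, not the article's own code. hash_and_verify()
and benchmark() assume argon2-cffi (pip install argon2-cffi) and import it lazily,
so parse_encoded() and needs_rehash() run without it.
"""
import re
import time

# Baseline policy from the article (OWASP minimum): Argon2id, 19 MiB, 2 passes, 1 lane.
POLICY = {"variant": "argon2id", "version": 19, "m": 19456, "t": 2, "p": 1}

# PHC string format emitted by argon2-cffi / libargon2:
#   $argon2id$v=19$m=19456,t=2,p=1$<base64 salt>$<base64 hash>   (base64 without padding)
_PHC_RE = re.compile(
    r"^\$(?P<variant>argon2(?:id|i|d))"
    r"\$v=(?P<version>\d+)"
    r"\$m=(?P<m>\d+),t=(?P<t>\d+),p=(?P<p>\d+)"
    r"\$(?P<salt>[A-Za-z0-9+/]+)\$(?P<hash>[A-Za-z0-9+/]+)$"
)

# Constructed sample rows as they might sit in a users table (salt/hash fields are placeholders).
SAMPLES = {
    "baseline":        "$argon2id$v=19$m=19456,t=2,p=1$c29tZXNhbHQxMjM0NTY$aGFzaGhhc2hoYXNoaGFzaGhhc2hoYXNoaGFzaGhhc2g",
    "legacy_argon2i":  "$argon2i$v=19$m=4096,t=3,p=1$c29tZXNhbHQxMjM0NTY$aGFzaGhhc2hoYXNoaGFzaGhhc2hoYXNoaGFzaGhhc2g",
    "low_memory":      "$argon2id$v=19$m=8192,t=3,p=1$c29tZXNhbHQxMjM0NTY$aGFzaGhhc2hoYXNoaGFzaGhhc2hoYXNoaGFzaGhhc2g",
    "stronger":        "$argon2id$v=19$m=65536,t=3,p=1$c29tZXNhbHQxMjM0NTY$aGFzaGhhc2hoYXNoaGFzaGhhc2hoYXNoaGFzaGhhc2g",
}


def parse_encoded(encoded: str) -> dict:
    """Split a PHC-format Argon2 string into variant, version, m/t/p, salt and hash."""
    match = _PHC_RE.match(encoded)
    if match is None:
        raise ValueError("not an Argon2 PHC string")
    fields = match.groupdict()
    for key in ("version", "m", "t", "p"):
        fields[key] = int(fields[key])
    return fields


def needs_rehash(encoded: str, policy: dict = POLICY) -> bool:
    """True if a stored hash is weaker than policy: other variant/version, less memory,
    fewer passes, or a different lane count (p changes the per-lane memory, so compare exactly).
    Call after a successful login and rehash the plaintext you just verified."""
    f = parse_encoded(encoded)
    return (f["variant"] != policy["variant"] or f["version"] != policy["version"]
            or f["m"] < policy["m"] or f["t"] < policy["t"] or f["p"] != policy["p"])


def _hasher(params: dict):
    from argon2 import PasswordHasher  # lazy: only real hashing needs argon2-cffi
    return PasswordHasher(memory_cost=params["m"], time_cost=params["t"],
                          parallelism=params["p"])


def hash_and_verify(password: str, policy: dict = POLICY) -> str:
    """Hash under policy, check verify() accepts/rejects correctly, return the encoded string
    (that whole string is what goes in the database)."""
    from argon2.exceptions import VerifyMismatchError
    ph = _hasher(policy)
    encoded = ph.hash(password)
    ph.verify(encoded, password)  # raises VerifyMismatchError on a wrong password
    try:
        ph.verify(encoded, password + "!")
        raise AssertionError("wrong password was accepted")
    except VerifyMismatchError:
        pass
    # The library's own check and ours must agree that a fresh hash needs no rehash.
    assert not ph.check_needs_rehash(encoded) and not needs_rehash(encoded, policy)
    return encoded


def benchmark(m_kib: int, t: int, p: int, rounds: int = 3) -> float:
    """Average wall-clock seconds per hash for one parameter set on this machine."""
    ph = _hasher({"m": m_kib, "t": t, "p": p})
    start = time.perf_counter()
    for _ in range(rounds):
        ph.hash("benchmark-password")
    return (time.perf_counter() - start) / rounds


def tune(target_s: float = 0.5, m_kib: int = POLICY["m"], t: int = POLICY["t"],
         p: int = POLICY["p"], max_m_kib: int = 256 * 1024) -> dict:
    """The article's procedure: raise memory first (capped, since m is paid per concurrent
    login), then passes, until one hash takes about target_s on this hardware."""
    while benchmark(m_kib, t, p) < target_s and m_kib * 2 <= max_m_kib:
        m_kib *= 2
    while benchmark(m_kib, t, p) < target_s:
        t += 1
    return {"m": m_kib, "t": t, "p": p}


if __name__ == "__main__":
    print(hash_and_verify("correct horse battery staple"))
    for name, row in SAMPLES.items():
        print(f"{name:15s} needs rehash: {needs_rehash(row)}")
    print("tuned for ~500 ms on this host:", tune())
```

`needs_rehash` deliberately accepts hashes that are stronger than policy (higher m or t) so that lowering a policy after a hardware downgrade does not force a rehash of every row; argon2-cffi's `check_needs_rehash` is stricter and flags any parameter that differs from the hasher's configuration.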
Is Argon2 better than bcrypt?
For new systems, yes — Argon2id is better than bcrypt because its memory-hardness resists GPU and ASIC attacks that bcrypt cannot. bcrypt's 72-byte input limit is also a practical disadvantage. That said, bcrypt at cost factor 12+ is still acceptable for existing systems that cannot migrate immediately.