Argon2 Hash Generator
Generate and verify Argon2 password hashes — the PHC winner and the recommended algorithm for secure password storage in 2025.
Argon2 vs bcrypt vs scrypt
Argon2 won the Password Hashing Competition (PHC) in 2015 and is the modern recommendation for new systems. It has three variants: Argon2id (hybrid — recommended for most use cases), Argon2i (side-channel resistant), and Argon2d (fastest, for non-interactive workloads).
Unlike bcrypt (CPU-only, 72-byte password limit) and scrypt (memory-hard but single parameter), Argon2 lets you tune memory, CPU time, and parallelism independently. Higher memory cost defeats GPU and ASIC attacks more effectively than CPU iterations alone.
2025 production recommendations: Argon2id with 64MB+ memory, 3+ iterations, and parallelism matching your CPU cores. OWASP recommends 19MB minimum for interactive logins; 64MB+ for sensitive data. The PHC string format ($argon2id$v=19$...) encodes all parameters, making it self-describing and easy to verify.
Password string and random 16-byte salt — salt is unique per hash
Memory cost m (KB), time cost t (iterations), parallelism p — tune to your hardware budget
m KB of memory allocated and filled with BLAKE2b-derived blocks — GPUs can't parallelize across this
t passes traverse and mix the memory matrix — data-independent (Argon2i) or data-dependent (Argon2d) access
$argon2id$v=19$m=65536,t=3,p=4$base64-salt$base64-hash — store this entire string
Extract variant (id/i/d), version, m, t, p parameters, and encoded salt from the stored hash
Run Argon2 with the same password, extracted salt, and extracted parameters — reproduce the hash
Compare recomputed hash with stored hash using timing-safe equality — prevents oracle attacks
Match confirms the password is correct — plain-text is never stored or transmitted
Spec: RFC 9106 (Argon2), BLAKE2b (RFC 7693), PHC winner 2015