About the Argon2 Hash Generator
The Argon2 Hash Generator produces Argon2 password hashes and verifies existing hashes. Argon2 won the Password Hashing Competition (PHC) in 2015 and is the current recommended algorithm for password storage, key derivation, and credential hashing. It is configurable for memory cost, time cost, and parallelism — making it resistant to GPU and ASIC brute-force attacks.
How to Use
- Enter the password or input string to hash.
- Select the Argon2 variant: Argon2id (recommended), Argon2i, or Argon2d.
- Configure the cost parameters: memory (KB), iterations (time cost), and parallelism (threads).
- Click Generate Hash. The output is an encoded Argon2 hash string including the variant, parameters, salt, and hash.
- To verify a password against an existing hash, paste the hash and the password and click Verify.
Argon2 Variants
- Argon2id — The recommended variant for most use cases. Combines the memory-hardness of Argon2d (resistant to GPU attacks) with the side-channel resistance of Argon2i (resistant to cache-timing attacks). OWASP and RFC 9106 recommend Argon2id for password hashing.
- Argon2i — Optimised for resistance against side-channel attacks. Uses data-independent memory access, making it suitable for environments where timing attacks are a concern (smart cards, HSMs). Slightly weaker against GPU attacks than Argon2d.
- Argon2d — Uses data-dependent memory access for maximum resistance to GPU and ASIC brute-force attacks. Not recommended for password hashing where the attacker might observe cache timing; preferred for cryptocurrency key derivation and disk encryption.
Cost Parameters Explained
- Memory cost (m) — The amount of memory (in kilobytes) the algorithm uses. Higher memory makes GPU and ASIC attacks expensive. OWASP recommends a minimum of 19 MB (19,456 KB) for Argon2id. Increase this as hardware improves.
- Time cost / iterations (t) — The number of passes over the memory. Higher values increase computation time linearly. A minimum of 2 iterations is recommended; increase if you need more latency without adding more memory.
- Parallelism (p) — The number of parallel threads. Should be set to the number of CPU cores available on the hashing server. Does not significantly increase security on its own but allows the hash to use multiple cores when verifying.
- Salt — A unique random value per hash, generated automatically. The salt prevents precomputed rainbow table attacks and ensures two identical passwords produce different hashes. Never reuse salts.
- Output length — The length of the derived hash in bytes. 32 bytes (256 bits) is standard for password hashing.
Argon2 vs bcrypt vs scrypt vs PBKDF2
- Argon2id — Best overall. Memory-hard, parallelism-configurable, side-channel resistant. The modern choice for new systems.
- bcrypt — Widely supported, battle-tested. Memory cost is fixed and low (4 KB), making it increasingly susceptible to GPU attacks as hardware improves. Still acceptable for most web applications but prefer Argon2id for new projects.
- scrypt — Memory-hard like Argon2 but less flexible. Parameters are tightly coupled (increasing N also increases memory). Less tooling support than Argon2.
- PBKDF2 — The most widely supported (mandated by NIST and FIPS). Not memory-hard — can be efficiently parallelised on GPUs. Only recommended when FIPS compliance is required or Argon2/bcrypt is unavailable.
Frequently Asked Questions
- What parameters should I use for Argon2id in production?
- OWASP recommends Argon2id with m=19456 (19 MB), t=2, p=1 as a minimum configuration. If hashing latency budget allows, increase memory first, then time cost. Benchmark on your production hardware and target 300–500 ms per hash operation for interactive login flows.
- Does Argon2 automatically include a salt?
- Yes. A random salt is generated per hash and embedded in the encoded output string. The full encoded output (e.g., $argon2id$v=19$m=19456,t=2,p=1$...) contains all parameters and the salt needed to verify the password — store the complete encoded string, not just the raw hash bytes.
- Is Argon2 supported in PHP, Python, and Node.js?
- Yes. PHP: password_hash($password, PASSWORD_ARGON2ID) and password_verify() (PHP 7.3+). Python: argon2-cffi library (pip install argon2-cffi). Node.js: argon2 package (npm install argon2). Java: de.mkammerer.argon2 library. Most language ecosystems have a well-maintained Argon2 binding.
- What does the encoded Argon2 hash string mean?
- The standard encoded format is: $argon2id$v=19$m=65536,t=3,p=4$[base64 salt]$[base64 hash]. The fields are the variant (argon2id), version (v=19), memory cost (m=65536 KB), time cost (t=3), parallelism (p=4), a Base64-encoded random salt, and the Base64-encoded output hash. Libraries parse this string automatically during verification.
- Can I use Argon2 for things other than passwords?
- Yes. Argon2 is a general key derivation function (KDF). It is used for disk encryption key derivation, credential-based key stretching, API key hardening, and any scenario where you need to derive a cryptographic key from a low-entropy input like a passphrase.
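The encoded format and the production minimum described in the FAQ above can be checked mechanically when auditing stored hashes. The following Python is an added example, not code from this tool: the names parse_encoded and policy_findings and both sample strings are constructed for illustration, and the policy floor is the m=19456, t=2 Argon2id minimum quoted on this page.

```python
import base64
from dataclasses import dataclass

# Policy floor: the OWASP Argon2id minimum quoted on this page.
MIN_MEMORY_KIB, MIN_TIME_COST = 19456, 2

@dataclass
class Argon2Hash:
    variant: str
    version: int
    memory_kib: int
    time_cost: int
    parallelism: int
    salt: bytes
    digest: bytes

def _b64(text):
    # The encoded string carries Base64 with the '=' padding stripped.
    return base64.b64decode(text + "=" * (-len(text) % 4), validate=True)

def parse_encoded(encoded):
    """Split $variant$v=..$m=..,t=..,p=..$salt$hash; ValueError if malformed."""
    parts = encoded.split("$")
    if len(parts) != 6 or parts[0] != "":
        raise ValueError("not an encoded Argon2 hash")
    _, variant, version, params, salt, digest = parts
    if variant not in ("argon2id", "argon2i", "argon2d"):
        raise ValueError("unknown variant: %r" % variant)
    if not version.startswith("v="):
        raise ValueError("missing version field")
    fields = dict(item.split("=", 1) for item in params.split(","))
    if set(fields) != {"m", "t", "p"}:
        raise ValueError("expected exactly m, t and p")
    return Argon2Hash(variant, int(version[2:]), int(fields["m"]),
                      int(fields["t"]), int(fields["p"]), _b64(salt), _b64(digest))

def policy_findings(h):
    """Reasons the stored hash falls below the policy floor (empty if none)."""
    findings = []
    if h.variant != "argon2id":
        findings.append("variant %s is not argon2id" % h.variant)
    if h.memory_kib < MIN_MEMORY_KIB:
        findings.append("m=%d KiB is below %d" % (h.memory_kib, MIN_MEMORY_KIB))
    if h.time_cost < MIN_TIME_COST:
        findings.append("t=%d is below %d" % (h.time_cost, MIN_TIME_COST))
    return findings

# Constructed samples: placeholder salt/hash bytes, not real Argon2 output.
SAMPLE_OK = "$argon2id$v=19$m=65536,t=3,p=4$" + "A" * 22 + "$" + "A" * 43
SAMPLE_WEAK = "$argon2i$v=19$m=4096,t=1,p=1$" + "A" * 22 + "$" + "A" * 43
```

A non-empty result from policy_findings marks a stored hash as a candidate for re-hashing with current parameters the next time the password is presented.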