Argon2 Hash Generator

Argon2 is the winner of the Password Hashing Competition (PHC) in 2015, designed to be the most secure password hashing algorithm. It is memory-hard, meaning it requires a significant amount of memory to compute, making it extremely resistant to GPU, ASIC, and FPGA-based brute-force attacks. Unlike older algorithms like bcrypt or scrypt, Argon2 provides fine-grained control over memory usage, time cost, and parallelism, allowing you to tune security based on your hardware. It is widely recommended by security experts including OWASP and is the default password hashing algorithm in many modern frameworks.

Argon2i is optimized for side-channel attack resistance. It accesses memory in a data-independent pattern, making it ideal for situations where timing attacks are a concern. However, it is slightly slower.

Argon2d is optimized for GPU resistance. It uses data-dependent memory access, making it the fastest variant and strongest against GPU/ASIC attacks, but potentially vulnerable to side-channel attacks.

Argon2id is the recommended hybrid — it uses Argon2i for the first pass and Argon2d for subsequent passes. This provides strong GPU resistance while maintaining good side-channel protection. For most applications, choose Argon2id.

According to OWASP recommendations (2024):

• Memory (m): At least 64 MB (65,536 KB). Use 128 MB or more for high-security applications.
• Iterations (t): At least 3. Use 5-10 for enhanced security.
• Parallelism (p): Set to the number of CPU cores available (typically 4).
• Hash Length: 32 bytes (256 bits) is standard and sufficient.
• Variant: Use Argon2id.

The "Recommended" preset on this tool (64MB, 3 iterations, 4 lanes) follows OWASP's baseline guidance. Adjust based on your server's capabilities and security requirements.

bcrypt has a fixed memory cost (4KB), making it vulnerable to FPGA and ASIC attacks as hardware improves. It also has a 72-byte password limit.

scrypt improved on bcrypt with configurable memory, but its design can be optimized by attackers using time-memory trade-offs (TMTO).

Argon2 addresses both weaknesses: it offers independently tunable memory, time, and parallelism parameters, and its design maximizes TMTO resistance. Argon2 also supports additional features like server-side secrets (pepper) and associated data. It is the most modern and cryptographically robust choice available today.

Use the Encoded Format output from this tool. The encoded string (e.g., $argon2id$v=19$m=65536,t=3,p=4$salt$hash) contains all parameters needed for verification. Most Argon2 libraries provide a verify() function:

• Node.js: Use argon2 npm package — argon2.verify(encodedHash, password)
• Python: Use argon2-cffi — PasswordHasher().verify(encodedHash, password)
• PHP: Use password_verify($password, $encodedHash) (PHP 7.2+)
• Go: Use golang.org/x/crypto/argon2

The encoded format ensures forward compatibility — parameters can be upgraded without breaking existing hashes.

A salt is a random value added to the password before hashing to ensure that identical passwords produce different hashes. Without a salt, attackers can use precomputed rainbow tables to instantly crack hashes. Argon2 requires a salt — this tool auto-generates a cryptographically secure 16-byte random salt for each hash. The salt is stored alongside the hash (included in the encoded format), so you don't need to keep it secret. A unique salt per password defeats rainbow table attacks and makes brute-force attacks significantly more expensive.

A pepper (or secret key) is an additional secret value that is not stored in the database. Unlike the salt (which is stored with each hash), the pepper is kept separately — typically in a secure configuration file, hardware security module (HSM), or environment variable. If an attacker gains access to the database but not the pepper, they cannot crack any password hashes. This provides an extra layer of defense. In this tool, you can optionally provide a pepper/secret key, and Argon2 will incorporate it into the hash computation.

Yes, this tool is completely safe. All Argon2 computation happens entirely in your browser using WebAssembly (via the hash-wasm library). Your password is never transmitted over the network, never logged, and never stored on any server. The hash is generated locally on your device. You can verify this by disconnecting your internet after the page loads — the tool will continue to work. For production use, always hash passwords on your server, not on the client.

The standard Argon2 encoded format is:
$argon2id$v=19$m=65536,t=3,p=4$<base64-salt>$<base64-hash>

• $argon2id$ — variant identifier (i, d, or id)
• v=19 — Argon2 version (0x13 = 19 = version 1.3)
• m=65536 — memory cost in KB
• t=3 — time cost (iterations)
• p=4 — parallelism (lanes)
• $<salt>$<hash> — Base64-encoded salt and hash (without = padding)

This self-describing format ensures that any Argon2 library can verify the hash without needing separately stored parameters.

Absolutely. While Argon2 is primarily designed for password hashing, its memory-hard properties make it useful for:

• Key derivation — deriving encryption keys from passwords (KDF)
• Proof-of-work — memory-hard PoW systems resistant to ASICs
• Digital signatures — as part of memory-hard signature schemes
• File integrity — generating tamper-resistant hashes

Argon2's flexibility with tunable parameters makes it adaptable to various cryptographic needs beyond just password storage.