Crypto
Argon2 Hash Calculator | Argon2id, Argon2i & Argon2d
Calculate an Argon2 hash from a password or any string. Supports all three variants — Argon2id, Argon2i, and Argon2d — with OWASP-recommended memory cost and iteration presets. Everything runs in your browser, and nothing you enter is sent to a server.
Tips for Calculating an Argon2 Hash
- Argon2 won the 2015 Password Hashing Competition, and Argon2id is OWASP's current recommended variant. Unless you have a specific reason not to, choose Argon2id.
- The preset buttons offer the five memory-cost and iteration combinations recommended by the OWASP Password Storage Cheat Sheet. The more memory you allocate, the stronger the resistance to parallel GPU attacks.
- Raising the "parallelism (p)" value does not actually run the WebAssembly implementation in parallel in your browser, so the calculation time barely changes. Speedups from parallelism only apply on multi-core server environments.
- A new salt is generated automatically for every calculation, so the same text and parameters will still produce a different encoded hash each time.
- Setting the memory cost extremely high can make your browser tab temporarily unresponsive. We recommend starting with a value in the tens of megabytes.
Frequently Asked Questions
password_verify() or Argon2 verification libraries in other languages. Just be mindful of how you handle any sensitive input.
Side Note — The Password Hashing Competition and the Origins of Argon2
Argon2 was chosen as the winning algorithm from 24 submissions to the Password Hashing Competition (PHC), held between 2013 and 2015. It was designed to overcome a weakness shared by earlier schemes such as BCrypt (1999) and PBKDF2 (2000) — vulnerability to fast brute-force attacks using specialized hardware like GPUs and ASICs — by requiring a large amount of memory to compute.
Argon2 comes in three variants. Argon2d maximizes resistance to GPU-based attacks but is more exposed to side-channel attacks, while Argon2i is hardened against side-channel attacks at the cost of somewhat weaker GPU resistance. Argon2id is a hybrid that combines both properties, and it is now the first choice recommended for password storage by OWASP and many other security organizations.
Since PHP 7.2, generating an Argon2id hash is as simple as passing the PASSWORD_ARGON2ID constant to password_hash(). Official or semi-official libraries are also available for Node.js, Python, Ruby, and other major languages, and Argon2id is increasingly the default choice over BCrypt for storing passwords in newly built systems.