Argon2 Hash Generator

If you are still hashing passwords with MD5 or SHA-1 in 2025, this is your intervention. Those algorithms were not designed for password storage, they run extremely fast on modern hardware, and fast is exactly the wrong property for a password hashing function. Fast means an attacker with a GPU can test billions of guesses per second against a leaked hash database. That is not a theoretical concern. It happens regularly, and the damage is predictable.

Argon2 was designed specifically to fix this. It won the Password Hashing Competition in 2015, which is the closest thing the cryptography world has to a peer-reviewed contest for practical algorithm selection. The competition ran for several years, evaluated dozens of submissions against real-world attack scenarios, and Argon2 came out as the recommended choice. That recommendation has held up.

This tool lets you generate and verify Argon2 hashes directly in your browser, with full control over the parameters that determine how hard the hash is to crack.

Why Argon2 Specifically

The fundamental problem with fast hash functions for password storage is that the same speed that makes them efficient for the legitimate user also makes them efficient for the attacker. If verifying a password takes one millisecond on your server, it also takes roughly one millisecond per guess on an attacker's hardware, scaled across however many GPUs they have running in parallel.

Argon2 is designed to be configurable and deliberately slow. You control how much memory it consumes, how many iterations it runs, and how many parallel threads it uses. A legitimate login check might add a fraction of a second to your authentication flow, which users will never notice. An attacker trying to brute-force a hash database faces the same cost multiplied across every single guess, which makes large-scale attacks computationally expensive to the point of being impractical against well-configured hashes.

It also resists GPU-based attacks specifically because of the memory requirements. GPU cores are numerous but have limited per-core memory. Forcing high memory usage per hash computation means that an attacker cannot simply throw more GPU cores at the problem to scale linearly. This is one of the design properties that distinguishes Argon2 from older adaptive algorithms like bcrypt.

The Three Variants Explained

The tool supports all three Argon2 variants, and they are not interchangeable. Understanding which one to use matters.

Argon2id is the recommended default for almost every use case. It combines properties of the other two variants: it uses data-independent memory access in the first half of its computation to resist side-channel attacks, and data-dependent memory access in the second half to resist time-memory tradeoff attacks. The OWASP password storage cheat sheet recommends Argon2id as the first choice for new systems. When in doubt, use this one.

Argon2i uses data-independent memory access throughout the entire computation. This makes it resistant to side-channel attacks, which matters in contexts where an attacker might be able to observe memory access patterns, such as certain cloud or shared hosting environments. It is less resistant to GPU cracking than Argon2id, so it is generally recommended only for specific scenarios where side-channel resistance is the primary concern.

Argon2d uses data-dependent memory access throughout, which maximizes resistance to GPU and ASIC cracking. The tradeoff is that it is potentially vulnerable to side-channel attacks. It is appropriate for applications where side-channel attacks are not a realistic threat model, such as cryptocurrency applications or scenarios where the attacker cannot observe the hashing process.

For standard password storage in web applications, Argon2id is the correct choice unless you have a specific reason to deviate.

Configurable Parameters and What They Mean

The three parameters this tool lets you adjust are what make Argon2 both powerful and tunable for your environment.

Memory cost (measured in kilobytes) controls how much RAM the algorithm consumes per hash computation. Higher values make the hash harder to crack because each attempt requires more memory. OWASP's current recommendation for Argon2id is a minimum of 19 MB (19,456 KB) for standard deployments. If your server has the headroom, higher is better.

Time cost (iterations) controls how many passes the algorithm makes over the memory. More iterations means more computation time per hash, which increases the cost for both the legitimate verification and any brute-force attack. A time cost of 2 combined with adequate memory is a reasonable starting point, though you should benchmark against your specific hardware to find the right balance between security and acceptable authentication latency.

Parallelism controls how many parallel threads the computation can use. This should generally be set to match the number of CPU cores available to the hashing process. Setting it higher than available CPU threads does not improve security and may degrade performance.

The right combination depends on your server's hardware and your acceptable authentication latency. A common approach is to benchmark your production environment and choose parameters that result in roughly 300 to 500 milliseconds of computation time per hash, which is imperceptible to users but genuinely costly at scale for an attacker.

How to Use the Argon2 Hash Generator

1. Enter the text you want to hash into the input area. For password hashing, this would be the plaintext password.
2. Select your Argon2 variant: Argon2id, Argon2i, or Argon2d.
3. Set your memory cost, time cost, and parallelism values.
4. Click the generate button to produce the hash.
5. The output appears instantly. Copy it to your clipboard with one click.

For verification, paste an existing Argon2 hash and the plaintext you want to test against it. The tool will confirm whether the input matches the hash using the parameters encoded in the hash string itself.

Everything runs client-side in your browser. The plaintext you enter, the parameters you configure, and the hash output are never transmitted to any server. For sensitive testing this matters, and it is worth stating plainly rather than leaving as an assumption.

Argon2 vs Other Hashing Algorithms

It helps to understand where Argon2 sits relative to the algorithms you might encounter in existing systems.

MD5 and SHA-256 are general-purpose cryptographic hash functions, not password hashing functions. They are fast by design, which makes them appropriate for file integrity checks and digital signatures but completely wrong for password storage. If you are using either for passwords, that needs to change. The MD5 Hash Generator and SHA-256 Hash Generator on this site are useful for checksums, data verification, and non-security contexts where speed is a feature rather than a liability.

bcrypt is an older adaptive password hashing function that has served reasonably well for decades. It has a memory limit of 4 KB per computation by design, which makes it more vulnerable to GPU-based attacks than Argon2 since modern GPUs have no trouble handling that memory footprint at scale. bcrypt is still acceptable for existing systems, but Argon2id is the better choice for anything new.

scrypt improved on bcrypt by adding configurable memory cost, but the parameter interaction is less intuitive and it has some implementation pitfalls. Argon2 supersedes it for new work.

PBKDF2 is still widely used because it is built into many standard libraries and complies with certain regulatory requirements. It is significantly weaker against GPU attacks than Argon2 because it has no memory hardness. NIST still approves it, so you will encounter it in compliance contexts, but it is not the right choice if you have freedom to select your own algorithm.

Practical Notes for Implementation

The hash output from Argon2 includes the variant, version, parameters, salt, and hash value all encoded in a single string. This means you do not need to store the parameters separately. When you verify a password later, the algorithm reads everything it needs from the stored hash string.

Generate a new random salt for every password. Never reuse salts. The tool handles salt generation automatically, but if you are implementing Argon2 in your own codebase, use a cryptographically secure random number generator for salt creation. Do not use predictable values.

For web application implementation, the reference implementation is available for C, and well-maintained bindings exist for most major languages including Python (argon2-cffi), Node.js (argon2 package), PHP (password_hash with PASSWORD_ARGON2ID since PHP 7.3), Go (golang.org/x/crypto/argon2), and Java (de.mkammerer/argon2-jvm).

Frequently Asked Questions

Which Argon2 variant should I use for password storage?

Argon2id is the recommended default for password storage in web applications. It combines resistance to side-channel attacks with strong resistance to GPU-based brute-force attacks. OWASP explicitly recommends Argon2id as the first choice for new systems.

What memory and time cost settings should I use?

OWASP recommends a minimum of 19 MB memory cost and a time cost of 2 for Argon2id as a baseline. The practical approach is to benchmark your production hardware and choose parameters that result in approximately 300 to 500 milliseconds per hash computation, then adjust as hardware improves over time.

Is this tool safe for testing real passwords?

The tool processes everything client-side in your browser. Nothing you enter is sent to any server. That said, for production security work, using controlled test values rather than real production passwords is generally good practice regardless of where the processing happens.

Can I use the output hash directly in my application?

The hash string this tool generates follows the standard Argon2 encoded format, which is compatible with most Argon2 libraries across languages. You can use it as a reference or for testing, but production hashing should happen server-side within your application using a trusted Argon2 library.