About Argon2 Demo Hash

Generate an argon2id PHC-formatted hash preview for docs / fixtures. Part of the DevTools Surf developer suite. Browse more tools in the Generators collection.

Use Cases

• Security engineers generating reference hashes for documentation
• Auth system devs testing PHC-format hash parsing
• DevOps teams tuning memory and iteration parameters for production
• Compliance officers verifying password hashing meets OWASP standards

Tips

• Use argon2id variant for the best hybrid attack resistance
• Adjust memory cost to match your server's RAM constraints
• Output follows the PHC string format for direct storage

Fun Facts

• Argon2 won the Password Hashing Competition (PHC) in July 2015, beating 23 other submissions over a two-year evaluation by a panel of cryptography experts.
• Argon2id combines two variants: Argon2i (side-channel resistant) and Argon2d (GPU-resistant), offering the best protection against both attack classes.
• OWASP recommends Argon2id with a minimum of 19MB memory, 2 iterations, and 1 degree of parallelism as of their 2023 password storage cheat sheet.

FAQ

Is this a real hashing tool?

It produces a PHC-formatted argon2id string for documentation and fixtures. For production password hashing, use your language's argon2 library — browser-side argon2 is too slow to tune safely.

Why argon2 over bcrypt?

Argon2 won the Password Hashing Competition (2015). It has memory-hardness — much harder to crack on GPUs. Recommended by OWASP for new systems.

What parameters should I pick?

Defaults match OWASP guidance: memory 19 MB, iterations 2, parallelism 1. For high-security systems tune based on OWASP's server-side sizing guide.

Are these hashes safe to commit to git?

As fixtures, yes — they don't reveal the password. But treat any hash conservatively; don't commit production hashes to public repos.