Which Argon2 variant should I use?

Argon2id for general use — it is the OWASP and NIST recommended default. Argon2i if you need extra side-channel resistance (e.g., HSM environments). Argon2d for server-side key derivation where side channels are not a concern.

What parameters does OWASP recommend?

Minimum: Argon2id with m=19456 (19 MiB), t=2 iterations, p=1 parallelism. Stronger: m=65536 (64 MiB), t=3, p=4. Tune to stay under 500ms on your server hardware.

How does Argon2 compare to bcrypt?

bcrypt is memory-light — attackers can run thousands of bcrypt hashes in parallel on GPUs. Argon2 is memory-hard — its large memory footprint makes GPU parallelism expensive. For new systems, Argon2id is the better choice.

DevTools Surf

Argon2 Simulator

This tool is not yet implemented.

About Argon2 Simulator

Argon2 Simulator preview - Security / Crypto tool

Simulate Argon2 password hashing with time/memory cost configuration. Part of the DevTools Surf developer suite. Browse more tools in the Security / Crypto collection.

Use Cases

Choose optimal memory/time parameters for a given server budget
Compare Argon2id, Argon2i, and Argon2d variants for a specific threat model
Benchmark hash computation time before deploying to production
Educate teams on memory-hard password hashing concepts

Tips

Argon2id is the recommended variant for most applications — it resists both GPU attacks (like Argon2i) and side-channel attacks (like Argon2d)
Increasing memory cost (m) is the most effective way to raise attack cost — memory is expensive to parallelize on GPUs
The time cost (iterations) and parallelism parameters have diminishing returns compared to memory — focus on m first

Fun Facts

Argon2 won the Password Hashing Competition in 2015, a multi-year open competition organized by cryptographers to identify the best successor to bcrypt and scrypt. 24 algorithms competed.
Argon2 was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich at the University of Luxembourg. The paper describing it was published in 2016 and is one of the most cited works in applied cryptography.
GPU-accelerated bcrypt cracking achieves about 100,000 hashes/second on a modern GPU. Argon2, configured with 64MB of memory, reduces that to under 100 hashes/second — a 1,000x improvement in attacker cost.

FAQ

Which Argon2 variant should I use?: Argon2id for general use — it is the OWASP and NIST recommended default. Argon2i if you need extra side-channel resistance (e.g., HSM environments). Argon2d for server-side key derivation where side channels are not a concern.
What parameters does OWASP recommend?: Minimum: Argon2id with m=19456 (19 MiB), t=2 iterations, p=1 parallelism. Stronger: m=65536 (64 MiB), t=3, p=4. Tune to stay under 500ms on your server hardware.
How does Argon2 compare to bcrypt?: bcrypt is memory-light — attackers can run thousands of bcrypt hashes in parallel on GPUs. Argon2 is memory-hard — its large memory footprint makes GPU parallelism expensive. For new systems, Argon2id is the better choice.

Related Security / Crypto Tools

Hash Generator v2 HMAC Generator v2 JWT Encoder Bcrypt Hash Tester HMAC Generator Password Strength Analyzer TOTP / 2FA Generator SAML Response Decoder

DevTools Surf