Online Argon2 Hash Generator & Verifier

Argon2 is the winner of the Password Hashing Competition (2015) and the recommended modern password-hashing function today. Choose a variant (argon2id, argon2i, or argon2d) and set memory, iterations, parallelism, salt, and pepper in "More settings". Generate and Verify modes are available. Everything runs on your device.

The result will appear here...
or click the button

Everything runs in your browser. Your data is never sent to our servers.

728 × 90Ad Space AvailablePlace your ad here

Example

Example Input

Password: hunter2  •  Variant: argon2id

Example Output

$argon2id$v=19$m=4096,t=3,p=1$...

How to Use

  1. 1Choose Generate or Verify mode.
  2. 2Enter the password.
  3. 3In "More settings", pick the variant (argon2id/i/d) and set memory, iterations, parallelism, hash length, salt, and pepper as needed.
  4. 4Click the button to generate a hash, or paste an existing hash in Verify mode to compare.

About Argon2

Argon2 is a password key-derivation function (KDF) that won the Password Hashing Competition in 2015. It is designed to be "memory-hard", meaning it needs a lot of memory to compute, making it very expensive to attack with GPUs or ASICs.

There are three variants: argon2d (resistant to GPU attacks but vulnerable to side-channels), argon2i (side-channel resistant, for password hashing), and argon2id (a hybrid of both — recommended for most cases). You control the time cost (iterations), memory cost (KiB), and parallelism.

Argon2 is the best choice for storing new passwords today. A salt is required (auto-generated if left blank), and you can add a pepper as an extra application-side secret. Note: Argon2 computation runs via WebAssembly in your browser.

FAQ

What is the difference between argon2id, argon2i, and argon2d?

argon2d is fast and GPU-attack resistant but vulnerable to side-channels; argon2i is side-channel resistant; argon2id combines both and is recommended for almost all password-storage use cases.

Why is Argon2 better than bcrypt?

Argon2 is memory-hard, making it far more expensive to attack with specialized hardware (GPU/ASIC) than bcrypt. Both are secure, but Argon2 is the modern standard recommended by OWASP.

Is my password sent to a server?

No. Argon2 is computed in your browser using WebAssembly. Your password never leaves your device.

Related Tools

Related Categories