argon2

Calculate a hash with a password and a salt with the default parameters

$ echo "[password]" | argon2 "[salt_text]"

$ echo "[password]" | argon2 "[salt_text]" -[d|i|id]

$ echo "[password]" | argon2 "[salt_text]" -e

$ echo "[password]" | argon2 "[salt_text]" -t [5] -m [20] -p [7]

argon2 [OPTION]... [PASSWORD [SALT]]

-h, --help
    Display help message and exit

-v, --version
    Display version information and exit

-e, --encode-output
    Encode output with Base64

-d, --decode-input
    Decode password and salt input from Base64

-p FILE, --password FILE
    Read password from FILE or FD (instead of args/stdin)

-s FILE, --salt FILE
    Read salt from FILE or FD

-t N, --time-cost N
    Time cost (iterations), default: 2

-m N, --memory-cost N
    Memory cost in KiB, default: 102400

-g N, --parallelism N
    Degree of parallelism (threads), default: 2

-l N, --hash-length N
    Output hash length in bytes, default: 32

-I, --argon2i
    Use Argon2i variant (default)

-D, --argon2d
    Use Argon2d variant

-id, --argon2id
    Use Argon2id variant (recommended)

-r FILE
    Write raw (binary) hash to FILE

--verify
    Verify mode (expects hash as arg, password via stdin)

The argon2 command computes secure, memory-hard hashes for passwords using the Argon2 algorithm, winner of the 2015 Password Hashing Competition (PHC). It resists brute-force and side-channel attacks via tunable parameters: time cost (iterations), memory cost (KiB), and parallelism (threads). Supports variants Argon2i (side-channel resistant, default), Argon2d (GPU-resistant), and Argon2id (hybrid, recommended).

Typical use: hash passwords for storage with random salts. Output is PHC format (e.g., $argon2id$v=19$m=65536,t=3,p=4$c29tZXNhbHQ$ZW5jb2RlZA==), base64-encoded by default. Verify by piping password to argon2 <stored_hash, yielding OK or error.

Secure against parallel hardware attacks; adjust params for ~1s hash time per login on target hardware. Install via libargon2 package.

High memory settings may cause OOM kills on low-RAM systems; test params for <1s compute time. Salt must be unique/random per password. Not for real-time use without tuning.

$argon2[idi]$v=19$m=<mem>,t=<time>,p=<par>$<base64salt>$<base64hash>
Version 19 is current (0x13 hex).

echo -n 'password' | argon2 '$argon2id$v=19$m=65536,t=3,p=4$c29tZXNhbHQ$hash'   → OK or error.

Aim for 100ms-1s per hash: e.g., -id -t 3 -m 65536 -g 4 on modern CPU.

Argon2 designed by Jean-Philippe Aumasson/Daniel Dinu 2014-2015; PHC winner July 2015. CLI in reference libargon2 C impl (v0.0+, stable 20190702); widely adopted in libs like PHP password_hash, libsodium.

mkpasswd(1), openssl(1), sha256sum(1)