argon2

Calculate a hash with a password and a salt with the default parameters

$ echo "[password]" | argon2 "[salt_text]"

$ echo "[password]" | argon2 "[salt_text]" -[d|i|id]

$ echo "[password]" | argon2 "[salt_text]" -e

$ echo "[password]" | argon2 "[salt_text]" -t [5] -m [20] -p [7]

argon2 [-d|-i|-id] [-t iterations] [-m memory_kb] [-p parallelism] [-k key] [-s salt] [-r|-e] [-v|-h] [password]

-t iterations
    Sets the time cost, increasing the number of iterations for the hash calculation.

-m memory_kb
    Sets the memory cost in kilobytes, controlling the memory footprint of the hash.

-p parallelism
    Sets the parallelism factor (number of lanes/threads) for the hash computation.

-d
    Uses the Argon2d variant, optimized for maximum resistance against GPU cracking attacks.

-i
    Uses the Argon2i variant, optimized for resistance against side-channel timing attacks.

-id
    Uses the Argon2id variant, a hybrid offering strong resistance against both GPU and side-channel attacks. This is generally the recommended variant.

-k key
    Provides a secret key for Key Derivation Function (KDF) mode, instead of a password.

-s salt
    Specifies the salt to be used. If omitted, a cryptographically secure random salt is generated.

-r
    Outputs the raw bytes of the generated hash, instead of the encoded string.

-e
    Outputs the standard Argon2 encoded hash string (this is the default behavior).

-v
    Displays the version information of the argon2 utility and exits.

-h
    Displays the help message with command usage and options, then exits.

password
    The password string to be hashed. If this argument is omitted, the utility will read the password from standard input, which is the more secure method.

The `argon2` command-line utility implements the Argon2 key derivation function, an algorithm selected as the winner of the Password Hashing Competition (PHC). Designed for robust security, Argon2 provides strong resistance against both GPU-based brute-force attacks and side-channel attacks, making it ideal for securely storing user passwords or deriving cryptographic keys. Users can specify parameters such as memory cost, time cost (iterations), and parallelism to tune the hash generation process for their specific security and performance requirements. It supports three main variants: Argon2d for maximum GPU resistance, Argon2i for side-channel resistance, and the recommended Argon2id, which offers a balanced approach. This tool is an essential component for any system requiring state-of-the-art password security.

Choosing appropriate parameters (-t, -m, -p) is absolutely crucial for the security of your hashes. Too low values will significantly weaken the security against brute-force attacks, while excessively high values might make the hashing process impractically slow. Always adjust these parameters based on the specific hardware capabilities and security requirements of your system.
It is strongly recommended to avoid providing passwords directly as command-line arguments (e.g., `argon2 "mypassword"`) as this can expose the password in system process lists (like `ps`). Instead, allow the `argon2` command to prompt for the password or pipe it through standard input.

The argon2 command supports three main variants of the Argon2 algorithm, each with specific optimizations:
Argon2d: Maximizes resistance against GPU cracking by employing data-dependent memory access. While very strong against brute-force, it can be potentially vulnerable to side-channel attacks.
Argon2i: Designed for maximum resistance against side-channel timing attacks by using data-independent memory access. It is slower for GPU cracking than Argon2d.
Argon2id: A hybrid approach that combines the strengths of both Argon2i and Argon2d. It uses data-independent memory access for the first pass and data-dependent memory access for subsequent passes. This variant is generally recommended for most applications as it offers a robust balance against both GPU and side-channel attacks.

The security and performance of Argon2 hashes depend critically on the chosen cost parameters (-t, -m, -p). The goal is to make a single hash computation sufficiently expensive for an attacker without hindering legitimate usage. A common recommendation is to select values that cause the hashing process to take hundreds of milliseconds (e.g., 500ms-1s) on the server where hashes are generated. The memory cost (-m) should utilize a significant portion of available RAM, typically tens or hundreds of megabytes. Parallelism (-p) can be set to the number of available CPU cores or threads to fully utilize system resources during hashing. Regular evaluation and adjustment of these parameters are advised as hardware capabilities and attack methodologies evolve.

Argon2 was conceived by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich, and it emerged as the definitive winner of the Password Hashing Competition (PHC) in July 2015. This competition was established to find a robust, modern, and secure password hashing algorithm that could effectively counter the evolving threats, particularly against GPU-based brute-force attacks and side-channel attacks, which older hashing functions struggled to resist. Its design principles emphasize high memory consumption and adjustable parallelism to deter specialized attack hardware.

bcrypt(1), sha256sum(1), openssl(1)