Argon2: Memory-Hard Password Hashing
Explore Argon2i, Argon2d, Argon2id and why memory-hardness matters.
Welcome
Argon2 won the Password Hashing Competition (PHC) in 2015 and is OWASP's top recommendation. Its memory-hard design defeats GPU and ASIC attacks that bcrypt cannot.
Why Memory-Hardness Matters
GPUs have thousands of cores but limited RAM per core (~1KB). Argon2 requires 64MB+ RAM per hash. Attackers trying 1000 parallel hashes need 64GB RAM — expensive and limited.
All lessons in this course
- Why Plain SHA-256 Fails for Passwords
- bcrypt: Algorithm & Cost Factor
- Argon2: Memory-Hard Password Hashing
- PBKDF2 & Choosing the Right Algorithm