Argon2id
Winner of the Password Hashing Competition. Memory-hard, side-channel resistant, three tunable knobs. The 2026 default.
By Deepak Gupta ·
Argon2id is the recommended password-hashing function in OWASP's 2025 cheatsheet, in NIST SP 800-63B, and in essentially every other modern guidance document. It's the winning entry of the 2015 Password Hashing Competition and exposes three independent tuning parameters: time cost (iteration count), memory cost (KB of RAM per hash), and parallelism (lanes). The `id` variant combines the side-channel-resistant Argon2i with the GPU-hostile Argon2d, giving you the best of both. The recommended 2026 starting point for online authentication is `t=2, m=19MiB, p=1`, raising memory until a single verify takes ≈50-100 ms on production hardware.
Recommended uses
- ·Password hashing for all new designs
- ·Key derivation from low-entropy secrets
Known attacks / caveats
- ·None practical.
Designed by
Biryukov, Dinu, Khovratovich, published 2015.
Deep dive on guptadeepak.com
The Complete Guide to Password Hashing: Argon2 vs Bcrypt vs Scrypt vs PBKDF2 (2026)
The deep-dive on which password-hashing function to pick and how to tune it.