Password hashing
Password hashes are supposed to be slow. The point is that if your database leaks, the attacker pays the same cost per guess that you paid per login. Drag the cost sliders below to see the trade-off curve in real time.
A fixed demo salt is used so two runs of the same password reproduce. In production the salt is per-user random.
Memory cost: 19 MiB (OWASP minimum is 19 MiB)
Argon2id (secure)
The 2026 default. Memory-hard. Three tunable knobs. Recommended by OWASP and NIST.
bcrypt (deprecated)
The classic. Still everywhere in legacy systems. No memory-hardness knob; capped input at 72 bytes.
scrypt (secure)
The original memory-hard hash. Still defensible; Argon2id is just the better-engineered successor.
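The cost trade-off and the per-user salt described above, as an added example that is not the page's demo code. It uses scrypt because `hashlib.scrypt` ships in the Python standard library (Argon2id needs a third-party package); the `scrypt$n$r$p$salt$digest` record layout and all function names are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import os
import time

MAXMEM = 256 * 1024 * 1024  # ceiling passed to OpenSSL; scrypt needs ~128*n*r bytes

def scrypt_memory_bytes(n: int, r: int = 8) -> int:
    """Approximate working memory of one scrypt evaluation."""
    return 128 * n * r

def hash_password(password: str, n: int = 2**14, r: int = 8, p: int = 1, salt=None) -> str:
    """Return a self-describing record: scrypt$n$r$p$b64(salt)$b64(digest)."""
    salt = os.urandom(16) if salt is None else salt  # per-user random salt by default
    dk = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p, maxmem=MAXMEM, dklen=32)
    enc = lambda b: base64.b64encode(b).decode()
    return f"scrypt${n}${r}${p}${enc(salt)}${enc(dk)}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the parameters stored in the record; compare in constant time."""
    scheme, n, r, p, salt_b64, dk_b64 = record.split("$")
    if scheme != "scrypt":
        return False
    expected = base64.b64decode(dk_b64)
    dk = hashlib.scrypt(password.encode(), salt=base64.b64decode(salt_b64),
                        n=int(n), r=int(r), p=int(p), maxmem=MAXMEM, dklen=len(expected))
    return hmac.compare_digest(dk, expected)

def needs_rehash(record: str, n: int = 2**14, r: int = 8, p: int = 1) -> bool:
    """True when a stored record used weaker cost settings than the current policy."""
    _, rn, rr, rp, _, _ = record.split("$")
    return int(rn) < n or int(rr) < r or int(rp) < p

def seconds_per_guess(n: int, r: int = 8, p: int = 1) -> float:
    """Wall-clock cost of one guess, which is also the cost of one login."""
    start = time.perf_counter()
    # Fixed, constructed salt so repeated timing runs hash identical input.
    hash_password("correct horse battery staple", n=n, r=r, p=p, salt=b"constructed-salt")
    return time.perf_counter() - start

if __name__ == "__main__":
    for n in (2**12, 2**14, 2**16):
        mib = scrypt_memory_bytes(n) >> 20
        print(f"n={n:>6}  mem={mib:>3} MiB  {seconds_per_guess(n) * 1000:7.1f} ms/guess")
    rec = hash_password("hunter2")  # constructed sample password
    print(rec, verify_password("hunter2", rec), verify_password("hunter3", rec))
```

Because the cost parameters travel inside each record, `needs_rehash` lets a login handler upgrade old hashes the next time the user authenticates successfully.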
Deep dives on password hashing
- The Complete Guide to Password Hashing: Argon2 vs Bcrypt vs Scrypt vs PBKDF2 (2026)
The deep-dive on which password-hashing function to pick and how to tune it.
- bcrypt, scrypt, and Argon2: Choosing the Right Password Hashing Algorithm
The 'three-knob' explanation of why memory-hard hashing matters.
- Comparative Analysis of Password Hashing Algorithms
Side-by-side benchmark of the four mainstream password-hash KDFs.
- The Science of Password Protection
Hashing + salting + the modern passwordless story in one piece.
- Secure Password Storage: Best Practices with Modern Hashing Algorithms
Practical implementation guide for storing hashes safely.
- What is a Password Hashing Algorithm?
The 101 explainer, perfect for non-engineering stakeholders.