Argon2 (Password Hashing)

A modern password hashing algorithm designed to be slow and memory-hard.

Difficulty: Advanced

How it works

  1. Argon2 is designed to protect stored passwords by making large-scale guessing attacks expensive in time and memory.
  2. When a user creates a password, the system generates a random salt and runs Argon2 with parameters that control how long it runs and how much memory it uses.
  3. The output is stored together with the salt and parameters. To check a password, the system repeats the same Argon2 computation and compares the result.
  4. Attackers who steal a password database now have to run Argon2 for every guess, which slows down their attempts and makes hardware attacks more costly.
  5. In practice you use a library that implements Argon2 and choose parameters according to current best-practice recommendations.
Press Shift + Enter

What is it?

Argon2 is a modern, memory-hard key derivation function that won the Password Hashing Competition in 2015. Unlike fast hash functions (like SHA-256) which are designed to be computed rapidly, Argon2 is intentionally designed to be slow and heavily reliant on computer memory. This makes it incredibly expensive and inefficient for attackers to use specialized hardware (like GPUs or ASICs) to crack passwords. It remains the absolute gold standard for securely hashing user passwords in modern application databases.

Try it yourself

Can you decrypt this challenge?

VHVY GUVF ZRNGL (example ciphertext)

Where this shows up today

To protect stored passwords from brute-force and dictionary attacks powered by highly parallelized custom hardware (GPUs/ASICs).