argon2

What is argon2?

The argon2 npm package is a library for hashing passwords using the Argon2 algorithm, which is a modern, secure, and memory-hard hashing algorithm. It is designed to be resistant to GPU cracking attacks and is considered one of the most secure password hashing algorithms available.

What are argon2's main functionalities?

Hashing a password

This feature allows you to hash a password using the Argon2 algorithm. The hash function takes a plain text password and returns a hashed version of it.

const argon2 = require('argon2');
(async () => {
  try {
    const hash = await argon2.hash('password');
    console.log(hash);
  } catch (err) {
    console.error(err);
  }
})();

Verifying a password

This feature allows you to verify a password against a previously hashed password. The verify function takes a hash and a plain text password and returns a boolean indicating whether the password matches the hash.

const argon2 = require('argon2');
(async () => {
  try {
    const hash = await argon2.hash('password');
    const isMatch = await argon2.verify(hash, 'password');
    console.log(isMatch); // true
  } catch (err) {
    console.error(err);
  }
})();

Configuring hashing options

This feature allows you to configure various options for the hashing process, such as the type of Argon2 algorithm to use (argon2d, argon2i, or argon2id), memory cost, time cost, and parallelism.

const argon2 = require('argon2');
(async () => {
  try {
    const hash = await argon2.hash('password', {
      type: argon2.argon2id,
      memoryCost: 2 ** 16,
      timeCost: 5,
      parallelism: 1
    });
    console.log(hash);
  } catch (err) {
    console.error(err);
  }
})();

Other packages similar to argon2

bcrypt

bcrypt is a popular password hashing library that uses the bcrypt algorithm. It is widely used and has been around for a long time. While bcrypt is still considered secure, Argon2 is generally considered to be more secure due to its resistance to GPU cracking attacks and its memory-hard properties.

pbkdf2

pbkdf2 is a password hashing library that uses the PBKDF2 algorithm. It is part of the cryptographic library in Node.js and is widely used. However, PBKDF2 is not memory-hard and is considered less secure than Argon2 for password hashing purposes.

scrypt

scrypt is a password hashing library that uses the scrypt algorithm. It is designed to be memory-hard and is considered secure. However, Argon2 is generally considered to be more secure and efficient than scrypt, and it has been recommended by various security experts and organizations.

README

node-argon2

Bindings to the reference Argon2 implementation.

Usage

Currently, only the encrypt and verify methods are implemented for Argon2i, asynchronously.

To hash a password:

var argon2 = require('argon2');

argon2.encrypt('password', 'somesalt', function(err, hash) {
  if (err) // encryption failure
    throw err;

  doSomethingWith(hash);
});

Resultant hashes will be 90 characters long.

To verify a password:

var argon2 = require('argon2');

argon2.verify('<big long hash>', 'password', function(err) {
  if (err) // password did not match
    throw err;

  authenticate();
});

First parameter must have been generated by an Argon2 encoded hashing method, not raw.

License

Work licensed under the MIT License. Please check [P-H-C/phc-winner-argon2] (https://github.com/P-H-C/phc-winner-argon2) for license over Argon2 and the reference implementation.