LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Why is Argon2id the modern default for password hashing, instead of fast hashes like SHA-256?

Because password hashing must be deliberately slow and memory-hard to thwart GPU/ASIC brute-force attacks. Argon2id (Password Hashing Competition winner, 2015) tunes both time and memory, defeating cheap parallel cracking.

The problem with using SHA-256 directly:

  • SHA-256 is designed to be fast — billions of hashes per second on a modern GPU.
  • A leaked password database hashed with SHA-256 can be cracked at 10⁹+ guesses/sec — most non-random passwords fall in minutes.

What Argon2id adds:

  • Configurable time cost — number of iterations, slows down each guess.
  • Configurable memory cost — each hash requires megabytes of RAM, making GPU/ASIC attacks expensive (GPU RAM is small and shared).
  • Parallelism cost — degree of parallelism the legitimate verifier can use without giving the attacker the same advantage.
  • "id" hybrid — combines data-independent (Argon2i, side-channel safe) and data-dependent (Argon2d, GPU-resistant) modes.

Predecessors and their issues:

Algorithm Year Status
MD5(pw) Trivial to crack
SHA-256(pw) Same — too fast
PBKDF2 2000 Time-hard, NOT memory-hard — vulnerable to GPU/ASIC
bcrypt 1999 Time-hard, mildly memory-hard (4 KiB), still strong
scrypt 2009 Time + memory hard, but less tunable than Argon2
Argon2id 2015 Modern default — recommended by OWASP, IETF (RFC 9106)

Recommended Argon2id params (OWASP 2024): memory = 19 MiB, iterations = 2, parallelism = 1 (interactive logins); higher for high-value secrets.

Tip: Never store passwords with a plain hash. Use a maintained library (libsodium, argon2-cffi, Spring Security's Argon2PasswordEncoder) — implementing Argon2 by hand is a recipe for parameter mistakes.

From Quiz: ISF / Cryptographic Protocols & Requirements | Updated: Jul 14, 2026