← Graph

Argon2

tool 5 connections

Password-hashing function, winner of the 2015 Password Hashing Competition. Argon2id variant recommended by Rafał Rothenberger and OWASP. Supports salt and pepper as explicit arguments (not appended to the password). Input length limit is about 4 GB (still needs limiting to avoid DoS on long-password attacks). Drop-in replacement for bcrypt for new applications; historical adoption was held back by performance issues.

category
library
talk Devise pitfalls and way to tighten security
about
Argon2 tool
Recommends Argon2id as the modern replacement for bcrypt.
takeaway Use Argon2id when you need pepper
about
Argon2 tool
Recommendation is about adopting Argon2id.
person Rafał Rothenberger
recommends
Argon2 tool
Recommends Argon2id as Devise replacement when pepper is needed.
tool Argon2
uses
Salt concept
Argon2 takes salt as an explicit argument rather than appending it.
tool Argon2
uses
Pepper concept
Argon2 supports pepper as an explicit argument.

Provenance

Created in
Devise pitfalls and way to tighten security — Rafał Rothe... 2026-04-17 21:52
Read by
8 extractions