

Evaluating Argon2 adoption and effectiveness in real-world software

https://arxiv.org/abs/2504.17121
25•pregnenolone•1w ago

Comments

tialaramex•5h ago
"Real-World Software" maybe but not real world effectiveness.

A lot of effort was expended on modelling the hypothetical thing Argon2 is good at, but a reasonable question is: Does that make any real world difference? And my guess is that the answer, awkwardly, is approximately No.

If you use good passwords or you have successfully stopped using passwords in the decades we've known they're a bad idea, Argon2 makes no difference at all over any of the other reasonable choices, and nor does its configuration. If you figure that nobody will remember your password is hunter2 then Argon2 can't help you either. If the attack being undertaken is an auth bypass, Argon2 can't help. If they're stealing credentials, Argon2 can't help.

integralid•4h ago
Most people don't use password managers and their passwords are very weak - Argon2 helps here. And even if you use a password that most would consider strong, if something like md5 is used then modern GPUs can do a crazy number of operations per second and have a serious shot at breaking them - Argon2 helps here. Not every programmer knows how to handle passwords properly, and may forget to use salt. Argon2 makes this impossible, and helps here. Finally when comparing to something like bcrypt, improvements are less significant, but improved GPU resistance won't hurt. And bcrypt has weird implementation quirks (password length restriction) that lead to real world vulnerabilities, argon does not.

In short, I disagree.

helpfulclippy•3h ago
Strong hashes aren’t so useful for you the individual with a high entropy per-site password… they’re useful for responsible organizations trying to proactively mitigate the impact of a future data breach on users with bad password habits (which is a lot of users).

If ClownCo gets hacked that’s bad. If ClownCo gets hacked and discloses millions of sets of credentials, it is now enabling a new wave of credential stuffing attacks.

palantird•4h ago
> ... developer education remain essential for realizing Argon2's theoretical advantages.

> 46.6% of deployments use weaker-than-OWASP parameters.

Sounds like a job for better default parameter values. I'm willing to bet most startups just install the default argon2 (or password hashing) library in their language of choice and don't jump head-first into the rabbit hole of fine-tuning argon2 parameters unless a contract or certification depends on it.

swiftcoder•3h ago
The documentation on this is... uh... intimidating? I come away from this with the sense that I need to learn a whole lot about cryptography to make a good decision here:

https://argon2-cffi.readthedocs.io/en/stable/parameters.html

luizfelberti•3h ago
Do not reference these kinds of docs whenever you need practical, actionable advice. They serve their purpose, but are for a completely different kind of audience.

For anyone perusing this thread, your first resource for this kind of security advice should probably be the OWASP cheatsheets, which are a living set of documents that packages current practice into direct recommendations for implementers.

Here's what it says about tuning Argon2:

https://cheatsheetseries.owasp.org/cheatsheets/Password_Stor...

tptacek•3h ago
It's been a couple years since I've looked but the track record of OWASP for cryptography advice has been pretty dismal.

linsomniac•2h ago
Do you have a better recommendation?

I feel bad for OWASP. They're doing the Lord's work, but seem to have a shoestring budget.

franciscop•3h ago
This reminded me to check, and now I'm happy to see Argon2 has finally made it into Node.js core!

https://github.com/nodejs/node/issues/34452

gregoriol•2h ago
It seems that PHP, Symfony, ... have kept bcrypt as their preference even when Argon2 is available; is there a rationale there from such big projects?

upofadown•22m ago
There is some thought that bcrypt is better than Argon2 for run times less than a second. So passwords in other words.

upofadown•25m ago
>...OWASP's recommended 46 MiB configuration reduces compromise rates by 42.5% compared to SHA-256...

Not sure that is a good comparison. The competition is against things like scrypt not raw hashes.

The default suggested 2GB Argon2 memory requirement is likely putting people off so there certainly is room for a different suggestion. It is just too bad this stuff wasn't worked out at the beginning.
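
Added example, not part of the thread or the paper: a standard-library audit of stored Argon2 encoded hashes for the "weaker-than-OWASP parameters" problem discussed above. The 46 MiB figure is the one quoted in the thread; the other baseline pairs are assumed from the OWASP Password Storage Cheat Sheet, the 16-byte salt floor follows RFC 9106, and `audit`, `sample_hash` and the sample hashes are constructed for illustration.

```python
import base64
import binascii
import re

# Acceptable minimum (memory in KiB, iterations) pairs at parallelism 1.
# 47104 KiB is the 46 MiB configuration quoted in the thread; the other pairs
# are assumed from the OWASP Password Storage Cheat Sheet, so re-check them.
BASELINES = [(47104, 1), (19456, 2), (12288, 3), (9216, 4), (7168, 5)]

PHC_RE = re.compile(
    r"^\$(argon2id|argon2i|argon2d)(?:\$v=(\d+))?"
    r"\$m=(\d+),t=(\d+),p=(\d+)\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$"
)

def _b64_len(field):
    """Byte length of an unpadded base64 field, or 0 if it does not decode."""
    try:
        return len(base64.b64decode(field + "=" * (-len(field) % 4)))
    except binascii.Error:
        return 0

def audit(encoded):
    """Return findings for one encoded Argon2 hash; an empty list means it passes."""
    match = PHC_RE.match(encoded.strip())
    if not match:
        return ["not an Argon2 encoded hash"]
    variant, version, mem, t, _p, salt, _tag = match.groups()
    mem, t = int(mem), int(t)
    findings = []
    if variant != "argon2id":
        findings.append(f"variant {variant} instead of argon2id")
    if version is None or int(version) < 19:
        findings.append("Argon2 version older than 1.3 (v=19)")
    # Pass if the hash is at least as costly as any one baseline pair.
    if not any(mem >= b_mem and t >= b_t for b_mem, b_t in BASELINES):
        findings.append(f"m={mem} KiB with t={t} is below every baseline pair")
    if _b64_len(salt) < 16:
        findings.append("salt shorter than 16 bytes")
    return findings

def sample_hash(variant, mem, t, p=1, salt_len=16, version="$v=19"):
    """Build a constructed encoded hash (dummy salt and tag) for the demo."""
    enc = lambda raw: base64.b64encode(raw).decode().rstrip("=")
    return f"${variant}{version}$m={mem},t={t},p={p}${enc(b'S' * salt_len)}${enc(b'H' * 32)}"

if __name__ == "__main__":
    for h in (sample_hash("argon2id", 47104, 1), sample_hash("argon2id", 19456, 1),
              sample_hash("argon2i", 4096, 3, salt_len=8, version="")):
        print(h[:40], "->", audit(h) or "ok")
```

Because the parameters are stored in every encoded hash, the same check can run over an exported credential table to find accounts that need rehashing at next login.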