Argon2 Browser
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Hash Wasm | 563 |  | 100 | 15 days ago | 38 | November 13, 2023 | 8 | other | TypeScript | |
| Lightning fast hash functions using hand-tuned WebAssembly binaries | ||||||||||
| Argon2 Cffi | 472 |  | 365 | 216 | 14 hours ago | 17 | August 15, 2023 | mit | Python | |
| Secure Password Hashes for Python | ||||||||||
| Noble Hashes | 372 |  | 537 | 11 days ago | 27 | August 23, 2023 | 3 | mit | JavaScript | |
| Audited & minimal JS implementation of hash functions, MACs and KDFs. | ||||||||||
| Argon2id | 372 | 2 | 77 | 15 days ago | 2 | October 21, 2023 | 2 | mit | Go | |
| Argon2id password hashing and verification for Go | ||||||||||
| Password4j | 292 | 4 | 2 months ago | 21 | September 14, 2023 | 5 | apache-2.0 | Java | ||
| Java cryptographic library that supports Argon2, bcrypt, scrypt and PBKDF2 aimed to protect passwords in databases. Easy to use by design, highly customizable, secure and portable. All the implementations follow the standards and have been reviewed to perform better in the JVM. | ||||||||||
| Argon2 Browser | 234 | | 12 | 42 | 2 years ago | 31 | June 05, 2021 | 4 | mit | JavaScript |
| Argon2 library compiled for browser runtime | ||||||||||
| Ruby Argon2 | 219 |  | 23 | 8 | 3 months ago | 24 | December 27, 2022 | mit | Ruby | |
| A Ruby gem offering bindings for Argon2 password hashing | ||||||||||
| Argon2_elixir | 209 |  | 158 | 19 | 2 months ago | 48 | October 09, 2023 | 4 | apache-2.0 | Elixir |
| Elixir wrapper for the Argon2 password hashing algorithm | ||||||||||
| Go Argon2 | 104 | 3 | 1 | 5 years ago | 1 | November 09, 2018 | 2 | mit | Go | |
| Go bindings for Argon2 | ||||||||||
| Argon2pw | 86 | 1 | 2 years ago | 4 | September 10, 2021 | gpl-3.0 | Go | |||
| Argon2 password hashing package for go with constant time hash comparison | ||||||||||
Argon2 in browser 
Argon2 is a password-hashing function, the winner of Password Hashing Competition. Here Argon2 library is compiled for browser runtime.
The numbers
| Time, ms (lower is better) | |
|---|---|
| Chrome WASM | 225 |
| Chrome WASM+SIMD | 119 |
| Firefox WASM | 195 |
| Firefox WASM+SIMD | 135 |
| Safari WASM | 174 |
| Native -O3 SSE | 15 |
| Native -O3 | 42 |
| Native -O1 | 55 |
| Native -O0 | 395 |
Test Environment
Environment used to get the numbers above:
Algorithm parameters (-d -t 100 -m 10 -p 1):
- iterations: 100
- memory: 1MiB (1024 KiB)
- hash length: 32
- parallelism: 1
- argon2d
Environment:
- MacBook pro 2020, Intel Core i7, 2.3GHz (x64), macOS 10.14.6 (18G95)
- Chrome 85.0.4183.83 (Official Build)
- Firefox 80.0.1
- Safari 13.1.2 (15609.3.5.1.3)
- native argon2 compiled from P-H-C/phc-winner-argon2 @440ceb9
Code size
ll -h dist
| File | Code size, kB |
|---|---|
| argon2.js | 14 |
| argon2.wasm | 25 |
Is Argon2 modified?
No, it's used a submodule from upstream.
SIMD
SIMD is not quite here in WebAssembly, however for those who would like to give it a try, we already provide a working build with SIMD. At the moment it works only in Chrome, to be able to use it, you need to either add this origin trial to your website, or enable the SIMD feature in Chrome flags.
More about WebAssembly SIMD support in V8: https://v8.dev/features/simd
On Firefox you need to enable javascript.options.wasm_simd option in about:config.
To use the SIMD version, load argon2-simd.wasm instead of argon2.wasm.
JS Library
The library can be installed from npm:
npm install argon2-browser
Then add this script to your HTML or use your favorite bundler:
<script src="node_modules/argon2-browser/lib/argon2.js"></script>
Alternatively, you can use the bundled version, this way you can include just one script:
<script src="node_modules/argon2-browser/dist/argon2-bundled.js"></script>
Calculate the hash:
argon2.hash({ pass: 'password', salt: 'somesalt' })
.then(h => console.log(h.hash, h.hashHex, h.encoded))
.catch(e => console.error(e.message, e.code))
Verify the encoded hash (if you need it):
argon2.verify({ pass: 'password', encoded: 'enc-hash' })
.then(() => console.log('OK'))
.catch(e => console.error(e.message, e.code))
Other parameters:
argon2.hash({
// required
pass: 'password',
salt: 'salt',
// optional
time: 1, // the number of iterations
mem: 1024, // used memory, in KiB
hashLen: 24, // desired hash length
parallelism: 1, // desired parallelism (it won't be computed in parallel, however)
secret: new Uint8Array([...]), // optional secret data
ad: new Uint8Array([...]), // optional associated data
type: argon2.ArgonType.Argon2d, // Argon2d, Argon2i, Argon2id
})
// result
.then(res => {
res.hash // hash as Uint8Array
res.hashHex // hash as hex-string
res.encoded // encoded hash, as required by argon2
})
// or error
.catch(err => {
err.message // error message as string, if available
err.code // numeric error code
})
argon2.verify({
// required
pass: 'password',
encoded: 'enc-hash',
// optional
secret: new Uint8Array([...]), // optional secret data
ad: new Uint8Array([...]), // optional associated data
type: argon2.ArgonType.Argon2d, // Argon2d, Argon2i, Argon2id. default: guess
})
// result
.then(res => {
res.hash // hash as Uint8Array
res.hashHex // hash as hex-string
res.encoded // encoded hash, as required by argon2
})
// or error
.catch(err => {
err.message // error message as string, if available
err.code // numeric error code
})
Usage
You can use this module in several ways:
- write the WASM loader manually, for example, if you need more control over memory (example);
- bundle it with WebPack or another bundler (example);
- in vanilla js: example;
- in node.js: example (see a note below).
Bundlers
- WebPack: examples/webpack
- create-react-app: examples/react. Derived from #38
Node.js support
Of course you can use generated WASM in node.js, but it's not sensible: you will get much better speed by compiling it as a native node.js addon, which is not that hard. Wait, it's already done, just install this package.
Is it used anywhere?
It is! KeeWeb (web-based password manager) is using it as a password hashing function implementation. Check out the source code, if you're interested.
Building
You can build everything with
./build.sh
Prerequisites:
- emscripten with WebAssembly support (howto)
- CMake
