argon2

Argon2 is a Node.js binding for the Argon2 password hashing algorithm, the winner of the 2015 Password Hashing Competition. Argon2 is considered the most secure password hashing algorithm available, designed to be resistant to GPU cracking attacks, side-channel attacks, and time-memory trade-off attacks. The algorithm has three variants: Argon2d (data-dependent, maximum resistance to GPU cracking), Argon2i (data-independent, resistant to side-channel attacks), and Argon2id (hybrid, recommended for most use cases). The Node.js library provides a simple API: argon2.hash(password) creates a hash with secure defaults, and argon2.verify(hash, password) checks a password against a stored hash. Argon2's configurable parameters include memory cost (amount of RAM used), time cost (number of iterations), and parallelism (number of threads), allowing the computational cost to be tuned precisely. The hash output is a self-describing string containing all parameters needed for verification, similar to bcrypt. Argon2 is recommended by OWASP as the primary choice for password hashing, ahead of bcrypt and scrypt. The argon2 package uses native bindings compiled through node-gyp for optimal performance.