Argon2i, SHA512, or Bcrypt? Which is the best?

Amanda August 24, 2023 6 min read Hash
A comparison of Argon2i, SHA512, and Bcrypt password hashing algorithms to determine the best one for secure password storage.
On this page
Argon2i, SHA512, or Bcrypt? Which is the best?

Excerpt

Password hashing algorithms like Argon2i, SHA512, and Bcrypt play a critical role in securing stored passwords. This post compares the security, performance, and use case recommendations for choosing the best hashing algorithm.

Password hashing algorithms play a critical role in securing user accounts and data. With breaches and hacking attacks on the rise, choosing the right cryptographic hash function for password storage is more important than ever. In this post, we’ll compare three popular password hashing algorithms - Argon2i, SHA512, and Bcrypt - on security, performance, and use cases to help you pick the best one for your needs.

Introduction

When you store user passwords in your application’s database, you should never store them in plaintext. Instead, you need to run the passwords through a cryptographic hashing algorithm to get a hashed version for storage.

Hashing is a one-way function that scrambles plain text into fixed-length gibberish. It enables verification of passwords on login without needing to store the actual passwords.

The key requirements for a secure password hash algorithm are:

  • It should be computationally intensive to hinder brute force attacks.
  • Identical passwords should produce unique hash outputs (avoid collisions).
  • It should be deterministic so the same password always hashes to the same value.
  • The algorithm should be one-way making it impossible to reverse the hash back to the plaintext password.

Some common weak legacy algorithms like MD5 and SHA1 fail these criteria and should be avoided. Let’s see how Argon2i, SHA512, and Bcrypt stack up.

Comparison of Argon2i, SHA512, and Bcrypt

Argon2i

Argon2 is the winner of the Password Hashing Competition organized by cryptography experts in 2015 to select a new password hashing standard. It is designed to resist GPU cracking attacks.

Argon2 has two primary variants - Argon2i is optimized for password hashing while Argon2d is optimized for cryptocurrencies. Argon2i uses data-depending memory access to prevent tradeoff attacks and time-space tradeoff attacks.

Strengths:

  • Memory-hard algorithm to resist custom hardware cracking.
  • Configurable to balance memory and computation time.
  • Side-channel attack resistant.

Weaknesses:

  • Slower than Bcrypt in some tests.
  • Relatively new algorithm with less adoption currently.

SHA512

SHA512 is part of the SHA2 cryptographic hash family designed by the NSA. It produces a 512-bit hash value. Though not specifically designed for passwords, it remains a popular choice for password hashing.

An free online tool to quickly verify your answers

Strengths:

  • Very fast algorithm with wide programming language support.
  • The large 512-bit output provides good protection against brute force attacks.

Weaknesses:

  • Not memory-hard, making it vulnerable to GPU cracking attacks.
  • Basic algorithm without salts or work factors.

Bcrypt

Bcrypt was created in 1999 specifically for password hashing using the Blowfish cipher. It remains one of the most widely used algorithms thanks to it being battle-tested over decades.

Bcrypt introduced the concept of an adjustable work factor to control how slow the hash function runs for added protection against brute force attacks.

Strengths:

  • Battle-tested and widely adopted algorithm.
  • Configurable work factor allows scaling with hardware improvements.
  • Native salts to defeat rainbow table attacks.

Weaknesses:

  • Slower than SHA512 in benchmarks.
  • Harder to properly implement compared to Argon2i.

Security Considerations

The primary goal of a password hashing algorithm is to maximize security against cracking attempts through brute force, dictionary, or rainbow table attacks.

Some key factors to evaluate security include:

  • Hashing time - Faster is not better here. You want high computational complexity to make brute forcing infeasible. Configurable work factors help you increase difficulty over time.

  • Memory hardness - Requiring large memory minimizes the advantages of hardware accelerators like ASICs and GPUs for cracking hashes. This also increases computational time.

  • Side-channel resistance - Algorithm should not leak information through timing, cache, or other side-channels.

  • Salts - Unique salts per password prevent multi-target attacks using precomputed rainbow tables.

  • Versioning - The algorithm should support versioning/metadata to aid future upgrades.

Overall, Argon2i provides the best security with its memory-hard design, configurable time-memory tradeoffs, and side-channel attack resistance. Bcrypt is a close second with its adjustable work factor and password salting.

SHA512 is fast but lacks provisions like work factors and memory hardness offered by the newer algorithms designed for password hashing.

Performance Comparison

The computationally intensive hashing algorithms do consume more CPU resources which can impact response times in applications with intense login traffic.

Let’s look at some benchmark figures for hashing a simple password on a test system:

AlgorithmTime to hash (ms)
SHA5120.17
Bcrypt (work factor 10)15
Bcrypt (work factor 15)27
Argon2i26

SHA512 is blazingly fast while Bcrypt and Argon2i take orders of magnitude longer due to their deliberate slowness. This makes them better suited for password hashing use-cases.

Bcrypt gets exponentially slower as you increase the work factor. Tuning this parameter allows adjusting the hashing time based on your hardware capacity.

The resource consumption may not matter for occasional user logins. But for applications dealing with heavy continuous authentication, the overhead of Argon2i or Bcrypt could become noticeable.

Use Case Recommendations

Let’s look at suggestions for choosing a password hashing algorithm in different use cases:

Personal websites, blogs

Since these see only occasional traffic, Argon2i is a good choice for its strong security. The performance overhead will not matter here.

Enterprise applications

Bcrypt is the most battle-tested choice for enterprise apps with its widespread adoption and configurable work factor. Start with lower work factors and test thoroughly before rolling out to production.

Database password storage

Use Argon2i or Bcrypt. Adjust work factors to balance security and performance. Hardware upgrades may require tweaking work factors periodically.

Web APIs, Microservices

Lean towards SHA512 here for better response times if the use case demands low-latency repeated hashing on each call. But consider Argon2i for improved security if performance allows it.

Cryptocurrency wallet passwords

Use Argon2i for optimal security against wallet password cracking. Performance is not a constraint for offline wallets.

Best Practices for Secure Password Storage

Here are some tips to ensure you implement password hashing properly:

  • Never store passwords in plaintext or use weak hashes like MD5 or SHA1.

  • Generate a long random salt per password to prevent rainbow table attacks. Store this with the hashed password.

  • Choose a slow hash algorithm like Argon2i or Bcrypt with an adequately high work factor.

  • Hash passwords on the back-end before storing in the database. Avoid client-side JavaScript hashing.

  • Use unique salts for each user rather than a single application-wide salt.

  • Upgrade your hashing algorithm and work factors periodically to counter improving hardware. Rewrite existing hashes using the improved scheme.

  • Enforce strong password policies - long, complex passwords make brute forcing nearly impossible even with weak hashing.

  • Prevent leakage of password hashes at all costs in case of breaches. Follow least privilege and other security best practices.

Conclusion

Password hashing is a key piece of application security. Carefully chosen algorithms like Argon2i and Bcrypt using proper work factors and salting can protect your users even in the event of an attack. Always adopt best practices like using unique salts and upgrading algorithms periodically.

For optimal security, Argon2i is likely the best choice today with its memory-hard design and configurable features specifically built for password hashing. Bcrypt is also an excellent battle-tested option. Avoid plain SHA512 but it may serve specific low-latency use cases.

Match your hashing algorithm to your requirements and threat models. Prioritize security but also test performance implications thoroughly. Hashing passwords correctly will go a long way in keeping your application and user accounts secure.

IToolkit August 24, 2023 5 min read Blog
What is hashing? How is it used in security encryption?
What is hashing? How is it used in security encryption?
Hash
Explains what hashing is and how it is used in encryption for passwords, data integrity, digital signatures and other security applications.
Amanda August 29, 2023 4 min read Blog
What's the most known/popular hashing algorithm?
What's the most known/popular hashing algorithm?
Hash Encoding Decoding
Compares popular hashing algorithms like MD5, SHA-1, SHA-256, bcrypt and scrypt. It explains SHA-256 is currently the most widely used secure algorithm.
IToolkit August 30, 2023 4 min read Blog
Does BitTorrent Support SHA-2 256/512 or Future SHA-3?
Does BitTorrent Support SHA-2 256/512 or Future SHA-3?
Hash
Explore the support of SHA-2 256/512 and future SHA-3 in BitTorrent. Learn about the importance of hash algorithms in secure file sharing.
IToolkit August 29, 2023 3 min read Blog
Is storing of passwords in sha-1 hashing secure?
Is storing of passwords in sha-1 hashing secure?
Hash Encoding
Examines if SHA-1 hashing is still secure for password storage given new vulnerabilities, and discusses stronger alternatives like bcrypt and best practices.
Mia August 29, 2023 3 min read Blog
Why was LinkedIn using unsalted SHA-1 to hash passwords?
Why was LinkedIn using unsalted SHA-1 to hash passwords?
Hash
This article examines why LinkedIn used insecure unsalted SHA-1 for password hashing, the risks it posed, LinkedIn's response, and lessons learned.
Davy August 16, 2023 3 min read Blog
What are the differences between hashes and CRC?
What are the differences between hashes and CRC?
Hash CRC
What are the differences between hashing and CRC for data verification? This explores in-depth distinctions in purpose, algorithms, collision handling.
Mia August 16, 2023 3 min read Blog
What is a Hash Function?
What is a Hash Function?
Hash Encoding Decoding
This article explains hash functions, their working, applications and input-output in simple terms, helping readers grasp this core concept.
Amanda August 30, 2023 3 min read Blog
Can 2 Files Have the Same SHA-256?
Can 2 Files Have the Same SHA-256?
Hash Encoding Decoding
Analyzes whether it is possible for two different files to produce identical SHA-256 hash values. It examines the probability and likelihood of collisions.
Amanda August 30, 2023 4 min read Blog
What is the Algorithm Used to Generate SHA-512 Hashes?
What is the Algorithm Used to Generate SHA-512 Hashes?
Hash Encoding Decoding
Learn about the algorithm used to generate SHA-512 hashes, its strengths and weaknesses, and its applications in data security.
Amanda August 30, 2023 3 min read Blog
What hash is more secure, SHA256, SHA512, or MD5?
What hash is more secure, SHA256, SHA512, or MD5?
Hash Encoding Decoding
Compares the security of popular hash functions SHA256, SHA512 and MD5 based on digest length, collision resistance, and other cryptographic criteria.