Password Hashing Algorithms Explained: bcrypt, Argon2, and More

---

title: "Password Hashing Algorithms Explained: bcrypt, Argon2, and More" description: "Understand how websites securely store passwords using hashing algorithms and why it matters for your security." date: "2025-11-05" author: "Security Team" category: "Technical" readTime: "11 min" keywords: ["password hashing", "bcrypt", "argon2", "password encryption"]

Introduction

When you create an account on a website, your password should never be stored in plain text. Instead, secure websites use password hashing algorithms to protect your credentials. This guide explains how hashing works, compares popular algorithms, and helps you identify secure vs. insecure password storage practices.

What Is Password Hashing?

Definition

Password hashing is a one-way mathematical function that converts your password into a fixed-length string of characters (the "hash"). The key property: you can't reverse the hash to get the original password.

How It Works

Your Password → Hashing Algorithm → Hash (stored in database)
"MyPassword123" → bcrypt → "$2b$10$N9qo8uLOickgx2ZMRZoMye..."

On login:

1. You enter password
2. System hashes your input
3. Compares hash to stored hash
4. Match = login successful

Why Not Encryption?

Encryption is reversible (two-way):

• Encrypted data can be decrypted
• Requires key management
• If key leaks, all passwords exposed

Hashing is one-way:

• Cannot be reversed
• No keys to manage
• Even if database leaks, passwords protected

Popular Hashing Algorithms

1. bcrypt (Recommended)

Status: Industry standard, highly recommended

How it works:

• Based on Blowfish cipher
• Built-in salt generation
• Configurable work factor (cost)
• Adaptive (can increase difficulty over time)

Strengths:

• ✅ Slow by design (resistant to brute force)
• ✅ Automatic salt handling
• ✅ Battle-tested since 1999
• ✅ Widely supported
• ✅ Adjustable cost factor

Weaknesses:

• ⚠️ Limited to 72-character passwords
• ⚠️ Not memory-hard (GPU-friendly)

Example hash:

$2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
│  │  │ └─────────────────────────────────────────────┘
│  │  │                    Hash (31 chars)
│  │  └─ Salt (22 chars)
│  └──── Cost factor (2^10 = 1,024 rounds)
└─────── Algorithm version

Best for: Most web applications

2. Argon2 (Most Secure)

Status: Winner of Password Hashing Competition (2015)

Variants:

• Argon2i: Optimized against side-channel attacks
• Argon2d: Optimized against GPU cracking
• Argon2id: Hybrid (recommended)

Strengths:

• ✅ Memory-hard (resistant to GPU/ASIC attacks)
• ✅ Configurable memory, time, and parallelism
• ✅ Most secure modern algorithm
• ✅ Designed specifically for passwords

Weaknesses:

• ⚠️ Newer (less battle-tested)
• ⚠️ Less widely supported
• ⚠️ More complex configuration

Parameters:

Argon2id(
  password,
  salt,
  time_cost = 2,      // iterations
  memory_cost = 65536, // 64 MB
  parallelism = 4      // threads
)

Best for: New high-security applications

3. PBKDF2 (Acceptable)

Status: NIST-approved, widely used

How it works:

• Applies pseudorandom function (HMAC) repeatedly
• Configurable iterations
• Requires separate salt

Strengths:

• ✅ NIST-approved
• ✅ FIPS 140-2 compliant
• ✅ Widely available
• ✅ Well-understood

Weaknesses:

• ⚠️ Not memory-hard (GPU-friendly)
• ⚠️ Requires high iteration count (100,000+)
• ⚠️ Slower than bcrypt for same security

Configuration:

PBKDF2-HMAC-SHA256(
  password,
  salt,
  iterations = 100000,
  key_length = 32
)

Best for: Legacy systems, compliance requirements

4. scrypt (Good Alternative)

Status: Memory-hard, good security

How it works:

• Memory-hard algorithm
• Requires significant RAM
• Resistant to hardware attacks

Strengths:

• ✅ Memory-hard (GPU-resistant)
• ✅ Configurable parameters
• ✅ Good security properties

Weaknesses:

• ⚠️ Less popular than bcrypt
• ⚠️ More complex than bcrypt
• ⚠️ Can cause DoS if misconfigured

Best for: Cryptocurrency wallets, specialized applications

Insecure Algorithms (Never Use)

❌ MD5

Status: Completely broken

Problems:

• Fast (can test billions per second)
• Collision attacks possible
• Rainbow table attacks trivial
• No built-in salt

Speed: 50 billion hashes/second on modern GPU

Verdict: Never use for passwords

❌ SHA-1

Status: Deprecated, insecure

Problems:

• Too fast for passwords
• Collision attacks demonstrated
• No built-in salt
• Designed for data integrity, not passwords

Speed: 25 billion hashes/second on modern GPU

Verdict: Never use for passwords

❌ Plain SHA-256/SHA-512

Status: Insecure for passwords (without proper implementation)

Problems:

• Extremely fast (designed for speed)
• No built-in salt
• No work factor
• GPU-optimized

When acceptable: Only with PBKDF2 wrapper

Speed: 10 billion hashes/second on modern GPU

Verdict: Don't use directly for passwords

Salt: The Essential Ingredient

What Is a Salt?

A salt is random data added to your password before hashing:

Hash = Algorithm(Password + Salt)

Why Salts Matter

Without salt:

"password123" → "482c811da5d5b4bc6d497ffa98491e38"
"password123" → "482c811da5d5b4bc6d497ffa98491e38" (same!)

With salt:

"password123" + "xK9mL2pQ" → "7d8f3e2a1b9c4d5e6f7a8b9c0d1e2f3a"
"password123" + "nR4vXt8Y" → "9f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c" (different!)

Salt Requirements

✅ Good salt:

• Unique per password
• Cryptographically random
• At least 16 bytes (128 bits)
• Stored alongside hash

❌ Bad salt:

• Same for all passwords
• Predictable (username, timestamp)
• Too short (< 8 bytes)
• Secret/hidden

Rainbow Table Prevention

Rainbow tables: Pre-computed hash databases

Without salt:

• Attacker pre-computes common passwords
• Instant lookup in database
• All users with same password compromised

With salt:

• Each password needs unique rainbow table
• Computationally infeasible
• Each user requires separate attack

Work Factor / Cost Factor

What Is It?

The work factor controls how many iterations the algorithm performs, making it slower and more secure.

bcrypt Cost Factor

Cost = 10 → 2^10 = 1,024 iterations
Cost = 12 → 2^12 = 4,096 iterations
Cost = 14 → 2^14 = 16,384 iterations

Timing:

• Cost 10: ~100ms per hash
• Cost 12: ~400ms per hash
• Cost 14: ~1.6s per hash

Choosing Work Factor

Balance:

• Too low: Vulnerable to brute force
• Too high: Slow user experience, DoS risk

Recommendations:

• Minimum: Cost 10 (bcrypt)
• Recommended: Cost 12 (bcrypt)
• High security: Cost 14 (bcrypt)

Rule: Adjust so hashing takes 250-500ms

Adaptive Hashing

As computers get faster, increase work factor:

2020: Cost 10 (adequate)
2023: Cost 12 (recommended)
2026: Cost 14 (future-proof)

How to Verify Website Security

Check 1: Password Requirements

Red flags 🚩:

• Maximum password length < 64 characters
• Disallows special characters
• Requires specific character positions
• Sends password via email

Green flags ✅:

• Accepts long passwords (100+ chars)
• Allows all characters
• No maximum length restrictions
• Never emails passwords

Check 2: Password Reset

Red flags 🚩:

• Emails your current password
• Shows password hint
• Security questions only

Green flags ✅:

• Sends reset link (not password)
• Link expires quickly
• Requires email verification
• Offers 2FA recovery

Check 3: Login Behavior

Red flags 🚩:

• Instant login (too fast = weak hashing)
• Different error messages for username vs password
• No rate limiting

Green flags ✅:

• Slight delay (200-500ms = proper hashing)
• Generic error messages
• Rate limiting after failed attempts
• 2FA support

Check 4: Data Breach Response

Red flags 🚩:

• Claims passwords were "encrypted" not "hashed"
• Doesn't force password reset
• No notification of breach

Green flags ✅:

• Transparent about hashing algorithm
• Forces immediate password reset
• Notifies all users
• Publishes incident report

Real-World Examples

✅ Good: GitHub

Security:

• Uses bcrypt
• Supports long passwords
• Offers 2FA
• Transparent security practices

✅ Good: 1Password

Security:

• Uses PBKDF2 with 100,000 iterations
• Client-side hashing
• Zero-knowledge architecture
• Regular security audits

❌ Bad: Adobe (2013 Breach)

Failures:

• Used ECB mode encryption (not hashing!)
• Same key for all passwords
• 153 million accounts compromised
• Passwords easily decrypted

❌ Bad: LinkedIn (2012 Breach)

Failures:

• Used unsalted SHA-1
• 6.5 million passwords leaked
• 90% cracked within days
• No work factor

Best Practices for Developers

Implementation Checklist

✅ Algorithm Selection:

• Use bcrypt (cost 12+) or Argon2id
• Never use MD5, SHA-1, or plain SHA-256
• Implement proper salt generation

✅ Configuration:

• Unique salt per password
• Appropriate work factor (250-500ms)
• Store salt with hash

✅ Security:

• Use timing-safe comparison
• Implement rate limiting
• Log authentication attempts
• Monitor for breaches

✅ Maintenance:

• Regularly increase work factor
• Rehash on login (upgrade algorithm)
• Monitor hashing performance

Code Example (Node.js with bcrypt)

const bcrypt = require('bcrypt');

// Hash password
async function hashPassword(password) {
  const saltRounds = 12; // Cost factor
  const hash = await bcrypt.hash(password, saltRounds);
  return hash;
}

// Verify password
async function verifyPassword(password, hash) {
  const match = await bcrypt.compare(password, hash);
  return match;
}

// Usage
const hash = await hashPassword('MySecurePassword123!');
// Store hash in database

const isValid = await verifyPassword('MySecurePassword123!', hash);
// true if password matches

What Users Should Do

✅ Your Responsibilities

1. Use strong passwords: 16+ characters, random
2. Unique per site: Never reuse passwords
3. Password manager: Store securely
4. Enable 2FA: Additional protection layer
5. Monitor breaches: Check Have I Been Pwned

❌ Don't Rely On

• Website security alone
• Password complexity rules
• Security questions
• Email-only recovery

Check Your Passwords

Use our Strong Password Generator to create properly secured passwords that will be safely hashed by websites using modern algorithms.

Conclusion

Password hashing is the foundation of secure password storage. Key takeaways:

1. bcrypt and Argon2 are the gold standards
2. Salts are mandatory - unique per password
3. Work factor matters - aim for 250-500ms
4. Never use MD5 or SHA-1 for passwords
5. Users need strong passwords regardless of hashing

Even the best hashing algorithm can't protect weak passwords. Generate strong, random passwords and let the hashing algorithm do its job.

Ready to create a properly secure password? Use our Strong Password Generator now.

Learn more: Do Websites Store Passwords?