Kryptor

Hashing Algorithms

Argon2

Argon2 is a memory-hard password hashing and key derivation function that won the Password Hashing Competition in 2015. Argon2 is more secure than other key derivation algorithms such as scrypt, bcrypt, and PBKDF2 when configured correctly.

However, Argon2 is more resource hungry compared to algorithms like PBKDF2, which can run with very little memory. This is why many password managers such as Bitwarden still use PBKDF2 despite it being considerably less secure against GPU and ASIC attacks.

Argon2 has three modes:

The Internet Draft recommends using Argon2id with as much memory as possible (a high memory size), one pass over memory (one iteration), and a parallelism of twice the number of CPU cores. For details about the Argon2 parameters, please read the Key Derivation documentation.

BLAKE2

BLAKE2 is a cryptographic hash function that is faster than SHA2 and SHA3 whilst providing at least the same security as SHA3. BLAKE2 also supports keyed hashing and can be used as a MAC (message authentication code). BLAKE2 is used in Argon2 and a variety of protocols such as WireGuard.

There are two main BLAKE2 modes:

BLAKE2b is the most common mode in software. There are also several other BLAKE2 variants such as BLAKE2bp, BLAKE2sp, BLAKE2x as explained here.