Argon2 & scrypt Hash

What is Argon2 & scrypt Hash?

Argon2 & scrypt Hash is a free online password-hashing tool that turns a plaintext password into a slow, memory-hard hash using Argon2id (the Password Hashing Competition winner) or scrypt. Backend developers, security engineers, and CTF players use it to generate test credentials, reproduce a stored hash, or confirm that a login password verifies against an existing Argon2 record without spinning up a server. Pick the algorithm with the Argon2id / scrypt toggle, open Parameters to set memory size, iterations, parallelism (for Argon2) or cost factor and block size (for scrypt), then press Hash to produce a salted digest with a fresh random 16-byte salt each time. The Verify section takes a password plus an Argon2 PHC hash (the $argon2id$... string) and tells you whether they match.

How to use Argon2 & scrypt Hash

1. Choose Argon2id or scrypt with the algorithm toggle at the top.
2. Open Parameters and set the memory, iterations and parallelism (Argon2) or cost factor and block size (scrypt) to match your target.
3. Type the password you want to hash into the Password field.
4. Click Hash; a salted hash appears in the output with a new random salt, ready to copy.
5. To check a password, paste it and an Argon2 hash into the Verify section and click Verify to see a match or mismatch result.

Examples

Frequently asked questions

Is my password or hash sent anywhere?

No. The password, the salt, and the resulting hash stay in your browser. The Argon2 and scrypt functions run as WebAssembly loaded on demand, and nothing is uploaded to or stored on any server, so the tool works offline and your secrets never leave the page.

What is the difference between Argon2id and scrypt?

Both are slow, memory-hard password-hashing functions designed to resist GPU and ASIC cracking. Argon2id won the Password Hashing Competition and is the modern default; scrypt is older but still widely deployed. Use the toggle to pick whichever your system expects.

Why does the hash change every time even with the same password?

Each hash uses a fresh random 16-byte salt, so the same password produces a different hash on every run. That is intentional and correct; the salt is embedded in the output so the hash can still be verified later.

Can I verify a scrypt hash too?

Verification supports Argon2 PHC hashes (strings starting with $argon2). scrypt has no standard encoded format, so its output here is informational and is not accepted by the verifier.

What do the memory, iterations and parallelism settings do?

They control how much work the hash costs. Higher memory and iterations make the hash slower and harder to crack but also slower to compute; parallelism sets how many lanes are used. Tune them to match the configuration of the system you are testing.