Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Zozi96/hash-forge/llms.txt

Use this file to discover all available pages before exploring further.

Argon2Hasher is a memory-hard password hasher that won the Password Hashing Competition (PHC). It provides tunable resistance against both CPU-based and GPU-based brute-force attacks through three orthogonal cost parameters: time cost (iterations), memory cost, and parallelism. The implementation delegates to argon2-cffi’s PasswordHasher, which produces PHC-formatted strings, and wraps them with a argon2$ prefix for consistency with the rest of the Hash Forge ecosystem.
Argon2 is the recommended algorithm for all new projects. Its memory-hard design makes it significantly more resistant to hardware-accelerated attacks than PBKDF2 or bcrypt. Unless you have a specific compatibility requirement, prefer Argon2Hasher over other options.

Installation

The argon2-cffi package is required. Install it via the argon2 extra:
pip install "hash-forge[argon2]"

Import

from hash_forge.hashers import Argon2Hasher

Argon2Hasher

algorithm = 'argon2'

Constructor

Argon2Hasher(
    time_cost: int | None = None,
    salt_len: int | None = None,
    memory_cost: int | None = None,
    parallelism: int | None = None,
    hash_len: int | None = None,
)
All parameters are optional. When a parameter is None, the corresponding argon2-cffi default is used. Pass only the parameters you wish to override.
time_cost
int | None
default:"None"
Number of Argon2 iterations. Higher values increase hashing time linearly. Must be at least 2 when provided; raises InvalidHasherError otherwise.
memory_cost
int | None
default:"None"
Memory usage in kibibytes. Higher values increase memory requirements for an attacker. Must be at least 32768 (32 MiB) when provided; raises InvalidHasherError otherwise.
parallelism
int | None
default:"None"
Degree of parallelism (number of threads). Must be at least 1 when provided; raises InvalidHasherError otherwise.
hash_len
int | None
default:"None"
Length of the raw hash output in bytes. Must be at least 1 when provided; raises InvalidHasherError otherwise.
salt_len
int | None
default:"None"
Length of the random salt in bytes. Must be at least 1 when provided; raises InvalidHasherError otherwise.

Hash format

argon2$<argon2-cffi PHC string>
The argon2$ prefix is prepended to the standard PHC string produced by argon2-cffi, which encodes the algorithm variant, version, cost parameters, salt, and hash in a single portable string.

Methods

hash(string: str) -> str

Hashes the given password using the configured argon2.PasswordHasher instance. A new random salt is generated on every call.

verify(string: str, hashed_string: str) -> bool

Strips the argon2$ prefix and delegates to argon2.PasswordHasher.verify. Returns False on any verification error, including VerifyMismatchError and InvalidHash.

needs_rehash(hashed_string: str) -> bool

Strips the argon2$ prefix and delegates to argon2.PasswordHasher.check_needs_rehash. Returns True when the hash was produced with different cost parameters than the current PasswordHasher configuration.

Code example

from hash_forge.hashers import Argon2Hasher

hasher = Argon2Hasher(time_cost=3, memory_cost=65536, parallelism=1)
hashed = hasher.hash("secure_password")
assert hasher.verify("secure_password", hashed)

# Detect hashes produced under weaker parameters
old_hasher = Argon2Hasher(time_cost=2, memory_cost=32768)
old_hash = old_hasher.hash("secure_password")
assert hasher.needs_rehash(old_hash) == True

Build docs developers (and LLMs) love