- Linux:
- Windows:
Bindings to the reference Argon2 implementation.
Want to use it on command line? Instead check node-argon2-cli.
It's possible to hash a password using both Argon2i (default) Argon2d and Argon2id, sync and async, and to verify if a password matches a hash, and also generate random cryptographically-safe salts. Salts must be at least 8-byte long buffers.
To hash a password:
const argon2 = require('argon2');
const salt = new Buffer('somesalt');
argon2.hash('password', salt).then(hash => {
// ...
}).catch(err => {
// ...
});
// ES7 or TypeScript
try {
const hash = await argon2.hash("password", salt);
} catch (err) {
//...
}You can choose between Argon2i, Argon2d and Argon2id by passing an object as the third
argument with the type key set to which type you want to use:
argon2.hash('password', salt, {
type: argon2.argon2d
}).then(hash => {
// ...
}).catch(err => {
// internal failure
});
// ES7 or TypeScript
try {
const hash = await argon2.hash('password', salt, {
type: argon2.argon2d
});
} catch (err) {
// internal failure
}The type option is flexible and accepts 0, 1 or 2 for Argon2d, Argon2i and Argon2id respectively.
You can also get the hash as a raw Node Buffer by passing 'true' to the 'raw' option:
argon2.hash('password', salt, {
raw: true
}).then(hash => {
// ... hash is a Buffer
}).catch(err => {
// internal failure
});
// ES7 or TypeScript
try {
const hash = await argon2.hash('password', salt, {
raw: true
});
} catch (err) {
// internal failure
}You can provide your own salt as the second parameter. It is highly recommended to use the salt generating methods instead of a hardcoded, constant salt:
argon2.generateSalt().then(salt => {
// ...
});
// ES7 or TypeScript
const salt = await argon2.generateSalt();You can also pass a desired salt length as parameter. Although the default of 16 is enough and very safe, Argon2 will use all salt bytes.
argon2.generateSalt(32).then(salt => {
// ...
});
// ES7 or TypeScript
const salt = await argon2.generateSalt(32);You can change the Promise with any-promise. Try using Bluebird or Q for enhanced functionality.
You can also modify time, memory and parallelism constraints passing the object
as the third parameter, with keys timeCost, memoryCost and parallelism,
respectively defaulted to 3, 12 (meaning 2^12 KB) and 1 (threads):
const options = {
timeCost: 4, memoryCost: 13, parallelism: 2, type: argon2.argon2d
};
argon2.generateSalt().then(salt => {
argon2.hash('password', salt, options).then(hash => {
// ...
});
});
// ES7 or TypeScript
const hash = await argon2.hash("password", await argon2.generateSalt(), options);The default parameters for Argon2 can be accessed with defaults:
console.log(argon2.defaults);
// => { timeCost: 3, memoryCost: 12, parallelism: 1, type: argon2.argon2i }To verify a password:
argon2.verify('<big long hash>', 'password').then(match => {
if (match) {
// password match
} else {
// password did not match
}
}).catch(err => {
// internal failure
});
// ES7 or TypeScript
try {
if (await argon2.verify("<big long hash>", "password")) {
// password match
} else {
// password did not match
}
} catch (err) {
// internal failure
}First parameter must have been generated by an Argon2 encoded hashing method, not raw.
When you hit an internal failure, the message is properly set. If it is not or you do not understand it, feel free to open an issue.
A TypeScript type declaration file is published with this module. If you are using TypeScript >= 2.0.0 that means you do not need to install any additional typings in order to get access to the strongly typed interface. Simply use the library as mentioned above. This library uses Promises, so make sure you are targeting ES6+, including the es2015.promise lib in your build, or globally importing a Promise typings library.
Some example tsconfig.json compiler options:
{
"compilerOptions": {
"lib": ["es2015.promise"]
}
}
or
{
"compilerOptions": {
"target": "es6"
}
}import * as argon2 from "argon2";
const hash = await argon2.hash(..);Differences from node-argon2-ffi
This library is implemented natively, meaning it is an extension to the node engine. Thus, half of the code are C++ bindings, the other half are Javascript functions. node-argon2-ffi uses ffi, a mechanism to call functions from one language in another, and handles the type bindings (e.g. JS Number -> C++ int).
The interface of both are very similar, notably node-argon2-ffi splits the
argon2i and argon2d function set, but this module also has the argon2id option. Also, while
node-argon2-ffi suggests you promisify crypto.randomBytes, this library has
generateSalt which is exactly the same.
Performance-wise, the libraries are equal. You can run the same benchmark suite if you are curious, but both can perform around 130 hashes/second on an Intel Core i5-4460 @ 3.2GHz with default options.
You MUST have a node-gyp global install before proceeding with install, along with GCC >= 4.8 / Clang >= 3.3. On Windows, you must compile under Visual Studio 2015 or newer.
node-argon2 works only and is tested against Node >=4.0.0.
To install GCC >= 4.8 on OSX, use homebrew:
$ brew install gccOnce you've got GCC installed and ready to run, you then need to install node-gyp, you must do this globally:
$ npm install -g node-gypFinally, once node-gyp is installed and ready to go, you can install this library, specifying the GCC or Clang binary to use:
$ CXX=g++-6 npm install argon2NOTE: If your GCC or Clang binary is named something different than g++-6,
you'll need to specify that in the command.
Work licensed under the MIT License. Please check [P-H-C/phc-winner-argon2] (https://github.com/P-H-C/phc-winner-argon2) for license over Argon2 and the reference implementation.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent