What is the difference between bcrypt and Argon2 in PHP's password_hash?

Monday 24th July 2023




I asked ChatGPT the above question to help me with some research.

Both bcrypt and Argon2 are secure password-hashing algorithms supported by PHP's password_hash function. They are designed to hash passwords securely and protect against brute-force and rainbow table attacks. Here are the key differences between bcrypt and Argon2:

  1. Algorithm and Security Strength:

    • Bcrypt: Bcrypt is an adaptive password-hashing algorithm based on the Blowfish cipher. It is a widely used and battle-tested algorithm known for its security. Bcrypt allows you to control the work factor (cost parameter) to increase the computational effort required for hashing, making it slower and more resistant to brute-force attacks. However, the maximum work factor is limited by the implementation, and it might become less secure against future advances in hardware capabilities.

    • Argon2: Argon2 is the winner of the Password Hashing Competition (PHC) in 2015 and is considered the state-of-the-art password-hashing algorithm. It is designed to be memory-hard, which means it requires a significant amount of memory in addition to computational effort. This property makes it highly resistant to both GPU and ASIC attacks, making it a robust choice for hashing passwords. Argon2 has different modes (Argon2i, Argon2d, and Argon2id) with different trade-offs in terms of security and speed. Argon2id is generally recommended for password hashing, as it combines the best features of Argon2i and Argon2d.

  2. Customization Options:

    • Bcrypt: Bcrypt has limited customization options compared to Argon2. You can control the cost parameter (work factor) to adjust the computational effort, but there are no other significant tuning options.

    • Argon2: Argon2 provides more customization options, allowing you to specify the memory cost, time cost (iterations), and parallelism factor. These options give you more flexibility to adjust the hashing process based on your hardware capabilities and desired level of security.

  3. Performance:

    • Bcrypt: Bcrypt is generally fast and efficient, but it might be slower than Argon2, especially when you use high work factors. It is still a secure choice for password hashing.

    • Argon2: Argon2 is more resource-intensive than bcrypt, especially in terms of memory usage. This makes it more resistant to parallelization attacks (e.g., GPU/ASIC attacks) but may also require more memory on your server.

  4. Compatibility:

    • Bcrypt: Bcrypt has been widely supported for many years and is available in many programming languages and platforms, ensuring broad compatibility.

    • Argon2: Argon2 is newer and might not be as widely supported across all platforms. However, it is becoming increasingly popular and is supported in most modern systems and libraries.

In summary, both bcrypt and Argon2 are secure password-hashing algorithms. Bcrypt is well-established and widely used, providing a good level of security. Argon2, on the other hand, offers additional security benefits, especially in terms of memory hardness, making it more resistant to certain types of attacks. If your system supports Argon2 and you have the option to use it, it is generally recommended for its stronger security properties. However, if Argon2 is not available or practical for your environment, bcrypt is still a solid choice for password hashing.