This website uses cookies to ensure you get the best experience on our website. Learn more
[New Research] Does Argon2 Mean Your Password is Uncrackable?
Table of Contents
Previous password cracking research published by Specops has looked at how long it takes attackers to brute force hashes protected with common hashing algorithms like MD5 and bcrypt. Much of that research focuses on how advances in hardware reduce the time needed to recover plaintext passwords.
But what happens when you’re using a hardened hashing algorithm such as Argon2, where the hardware doesn’t have much of an impact on the difficulty to retrieve a plaintext password? And does Argon2 mean you no longer need to worry about password complexity or blocking leaked passwords?
This research coincides with the latest addition of over 60 million compromised passwords to the Specops Breached Password Protection service. These passwords come from a combination of our honeypot network and threat intelligence sources.
What is Argon2?
Argon2 is a key derivation function (KDF) that won the Password Hashing Competition in 2015. It was designed to make brute-force attacks more computationally expensive by limiting the advantage attackers can get from GPUs and other high-performance cracking hardware.
The main strength of Argon2 is that it is memory-hard, which means it can be configured to require a set amount of memory for each password hashing attempt. This means attackers cannot simply keep adding more GPU cores and expect the same performance gains they would see against faster algorithms such as MD5 or SHA-1.
There are three variants of the algorithm:
- Argon2d: Designed to resist GPU cracking attacks.
- Argon2i: Designed to resist side-channel attacks.
- Argon2id: A hybrid approach that combines elements of Argon2d and Argon2i.
For this research, we’ll focus on Argon2id. In most password hashing scenarios, Argon2id is the recommended general-purpose option because it balances resistance to GPU-based cracking with protection against side-channel attacks.
However, Argon2id isn’t necessarily the strongest possible choice for every specific threat model. If you know an implementation is especially exposed to side-channel attacks, for example, Argon2i may be more appropriate. But for most organizations, Argon2id offers the best balance of practical protection.
Methodology
We have previously demonstrated that specialized AI accelerators such as Nvidia’s H200 do not provide a significant advantage for password cracking workloads. Rather than requiring large amounts of GPU memory, password cracking performance is primarily determined by hashrate, the number of hash calculations a system can perform each second.
With that in mind, we used Nvidia’s RTX 5090 as our reference GPU, as it represents the high-end consumer hardware an attacker typically uses today. Our setup used eight RTX 5090s; cloud providers currently rent comparable hardware for around $5 per hour, making it a practical benchmark for estimating the cost of offline password cracking.
Because Argon2 is specifically designed to reduce the performance advantage of powerful GPUs, we also ran the same tests on a single AMD EPYC server CPU.
Argon2 password cracking times
8x RTX5090 cracking rig:
| Number of Characters | Numbers Only | Lowercase Only | Upper and Lower | Number, Upper, Lower | Number, Upper, Lower, Symbols |
|---|---|---|---|---|---|
| 4 | 20.41 sec | 15.54 min | 4.14 hr | 8.38 hr | 1.92 days |
| 5 | 3.40 min | 6.74 hr | 8.98 days | 21.64 days | 182.77 days |
| 6 | 34.01 min | 7.30 days | 1.28 years | 3.67 years | 47.54 years |
| 7 | 5.67 hr | 189.72 days | 66.48 years | 227.74 years | 4,516 years |
| 8 | 2.36 days | 13.50 years | 3,457 years | 14,120 years | 429,000 years |
| 9 | 23.62 days | 351.12 years | 179,800 years | 875,400 years | 40.76 million years |
| 10 | 236.21 days | 9,129 years | 9.35 million years | 54.28 million years | 3.87 billion years |
| 11 | 6.47 years | 237,400 years | 486.1 million years | 3.37 billion years | 367.8 billion years |
| 12 | 64.67 years | 6.17 million years | 25.28 billion years | 208.6 billion years | 34.94 trillion years |
| 13 | 646.70 years | 160.5 million years | 1.31 trillion years | 12.94 trillion years | 3.32 quadrillion years |
| 14 | 6,467 years | 4.17 billion years | 68.35 trillion years | 802 trillion years | 315.4 quadrillion years |
| 15 | 64,670 years | 108.5 billion years | 3.55 quadrillion years | 49.73 quadrillion years | 29.96 quintillion years |
| 16 | 646,700 years | 2.82 trillion years | 184.8 quadrillion years | 3.08 quintillion years | 2.85 sextillion years |
| 17 | 6.47 million years | 73.32 trillion years | 9.61 quintillion years | 191.1 quintillion years | 270.4 sextillion years |
| 18 | 64.67 million years | 1.91 quadrillion years | 499.8 quintillion years | 11.85 sextillion years | 25.69 septillion years |
| 19 | 646.7 million years | 49.57 quadrillion years | 25.99 sextillion years | 734.8 sextillion years | 2.44 octillion years |
| 20 | 6.47 billion years | 1.29 quintillion years | 1.35 septillion years | 45.55 septillion years | 231.8 octillion years |
| 21 | 64.67 billion years | 33.51 quintillion years | 70.27 septillion years | 2.82 octillion years | 22.02 nonillion years |
| 22 | 646.7 billion years | 871.2 quintillion years | 3.65 octillion years | 175.1 octillion years | 2.09 decillion years |
1xEPYC 9B14 cracking rig:
| Number of Characters | Numbers Only | Lowercase Only | Upper and Lower | Number, Upper, Lower | Number, Upper, Lower, Symbols |
|---|---|---|---|---|---|
| 4 | 13.70 sec | 10.43 min | 2.78 hr | 5.62 hr | 1.29 days |
| 5 | 2.28 min | 4.52 hr | 6.03 days | 14.53 days | 122.68 days |
| 6 | 22.83 min | 4.90 days | 313.46 days | 2.47 years | 31.91 years |
| 7 | 3.81 hr | 127.34 days | 44.63 years | 152.87 years | 3,031 years |
| 8 | 1.59 days | 9.06 years | 2,321 years | 9,478 years | 288,000 years |
| 9 | 15.85 days | 235.69 years | 120,700 years | 587,600 years | 27.36 million years |
| 10 | 158.55 days | 6,128 years | 6.28 million years | 36.43 million years | 2.60 billion years |
| 11 | 4.34 years | 159,300 years | 326.3 million years | 2.26 billion years | 246.9 billion years |
| 12 | 43.41 years | 4.14 million years | 16.97 billion years | 140 billion years | 23.46 trillion years |
| 13 | 434.08 years | 107.7 million years | 882.3 billion years | 8.68 trillion years | 2.23 quadrillion years |
| 14 | 4,341 years | 2.80 billion years | 45.88 trillion years | 538.3 trillion years | 211.7 quadrillion years |
| 15 | 43,410 years | 72.81 billion years | 2.39 quadrillion years | 33.38 quadrillion years | 20.11 quintillion years |
| 16 | 434,100 years | 1.89 trillion years | 124.1 quadrillion years | 2.07 quintillion years | 1.91 sextillion years |
| 17 | 4.34 million years | 49.22 trillion years | 6.45 quintillion years | 128.3 quintillion years | 181.5 sextillion years |
| 18 | 43.41 million years | 1.28 quadrillion years | 335.5 quintillion years | 7.96 sextillion years | 17.24 septillion years |
| 19 | 434.1 million years | 33.27 quadrillion years | 17.44 sextillion years | 493.2 sextillion years | 1.64 octillion years |
| 20 | 4.34 billion years | 865 quadrillion years | 907.1 sextillion years | 30.58 septillion years | 155.6 octillion years |
| 21 | 43.41 billion years | 22.49 quintillion years | 47.17 septillion years | 1.90 octillion years | 14.78 nonillion years |
| 22 | 434.1 billion years | 584.8 quintillion years | 2.45 octillion years | 117.5 octillion years | 1.40 decillion years |
High-end hardware continues to become more available, and that has a noticeable impact even on hardened password hashing algorithms such as bcrypt. In our previous research, we compared cracking performance on the RTX 4090 and its successor, the RTX 5090, and found that the newer GPU was approximately 65% faster at cracking bcrypt hashes.
However, that performance simply doesn’t translate to Argon2. As mentioned, it is designed to neutralize the GPU power provided by the RTX 5090. We can see this in the difference in cracking times between Argon2 and less resistant algorithms like SHA256.
Argon2 vs SHA256 cracking times
In our testing, Argon2 achieved a hashrate of just 490 H/s, compared to 221 GH/s for SHA256. Put another way, Argon2 was approximately 451 million times slower to crack than SHA256 on the same hardware. For example, a password that takes one second to crack when hashed with SHA256 would take over 14 years when hashed with Argon2.
| Number of Characters | Numbers Only | Lowercase Only | Upper and Lower | Number, Upper, Lower | Number, Upper, Lower, Symbols |
|---|---|---|---|---|---|
| 4 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 5 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 6 | Instantly | Instantly | Instantly | Instantly | 3.33 sec |
| 7 | Instantly | Instantly | 4.65 sec | 15.93 sec | 5.27 min |
| 8 | Instantly | Instantly | 4.03 min | 16.47 min | 8.34 hr |
| 9 | Instantly | 24.57 sec | 3.49 hr | 17.01 hr | 33.01 days |
| 10 | Instantly | 10.65 min | 7.57 days | 43.96 days | 8.58 years |
| 11 | Instantly | 4.61 hr | 1.08 years | 7.46 years | 815.57 years |
| 12 | 4.52 sec | 5.00 days | 56.05 years | 462.60 years | 77,480 years |
| 13 | 45.25 sec | 129.94 days | 2,914 years | 28,680 years | 7.36 million years |
| 14 | 7.54 min | 9.25 years | 151,500 years | 1.78 million years | 699.3 million years |
| 15 | 1.26 hr | 240.49 years | 7.88 million years | 110.3 million years | 66.43 billion years |
| 16 | 12.57 hr | 6,253 years | 409.8 million years | 6.84 billion years | 6.31 trillion years |
| 17 | 5.24 days | 162,600 years | 21.31 billion years | 423.8 billion years | 599.5 trillion years |
| 18 | 52.37 days | 4.23 million years | 1.11 trillion years | 26.28 trillion years | 56.95 quadrillion years |
| 19 | 1.43 years | 109.9 million years | 57.62 trillion years | 1.63 quadrillion years | 5.41 quintillion years |
| 20 | 14.34 years | 2.86 billion years | 3.00 quadrillion years | 101 quadrillion years | 514 quintillion years |
| 21 | 143.39 years | 74.29 billion years | 155.8 quadrillion years | 6.26 quintillion years | 48.83 sextillion years |
| 22 | 1,434 years | 1.93 trillion years | 8.10 quintillion years | 388.3 quintillion years | 4.64 septillion years |
Time-to-crack estimates are still useful when comparing hashing algorithms. They give us a baseline for understanding how hardware improvements affect password recovery, even if real attackers rarely rely on pure brute force alone.
However, the data shows that a well-configured Argon2 implementation means brute forcing quickly stops being a meaningful benchmark. In practical terms, recovering a strong, randomly generated password this way becomes effectively unrealistic barring finding an undiscovered weakness in the implementation, or quantum computation delivering a breakthrough in cryptanalysis.
Is Argon2 uncrackable?
Ultimately, Argon2id makes password cracking much harder, but “harder” is not the same as “impossible.”
Attackers and security researchers are highly effective at building wordlists, rulesets, and tools that improve their chances of recovering passwords from even well-protected hashes. Real-world cracking doesn’t usually mean trying every possible combination. Success means making better guesses, faster.
One solution we’ve discussed in recent research is using tools that aren’t GPUs and Hashcat. mdxfind is quickly gaining prominence as it improves performance against resistant and obscure algorithms.
For instance, in our testing, an 8x RTX 5090 rig achieved around 490 H/s against Argon2id. By comparison, mdxfind reached up to 730 H/s on a single AMD EPYC server CPU. While an RTX 5090 GPU can cost more than $5000, the EPYC 9B14 CPU in question can be had for as little as $2100. The right attacker, equipped with the right hardware, can still crack some of the hashes.
Hashcat attempting to brute force Argon2id
mdxfind cracking Argon2id
Does Argon2 prevent password compromise?
Argon2 makes brute forcing significantly harder, but it does not make password-based attacks disappear. Even with a strong hashing algorithm, organizations still need to account for two common attack paths:
- Compromised passwords: If an attacker already has a user’s password from a previous breach, phishing attack, or infostealer infection, they do not need to crack the hash. The account should be treated as compromised regardless of the hashing algorithm used.
- Targeted password cracking: Attackers use a variety of techniques to make more educated guesses. Argon2 makes each guess more expensive, but weak or predictable passwords can still be recovered.
This is why Argon2 should be viewed as one part of a wider password security strategy. It raises the cost of offline cracking, but it does not solve password reuse, phishing, failed multi-factor authentication, or the use of already-compromised credentials.
| Number of characters | Numbers Only | Lowercase Only | Upper and Lower | Number, Upper, Lower | Number, Upper, Lower, Symbols |
|---|---|---|---|---|---|
| 4 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 5 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 6 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 7 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 8 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 9 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 10 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 11 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 12 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 13 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 14 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 15 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 16 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 17 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 18 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 19 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 20 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 21 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 22 | Instantly | Instantly | Instantly | Instantly | Instantly |
Find weak and compromised passwords in your Active Directory
This month’s update to the Breached Password Protection service also adds more than 5.59 million compromised passwords to the express blocklist used by Specops Password Auditor.
With a read-only Active Directory scan, Specops Password Auditor shows how many of your end-user passwords are weak, reused, or already known to attackers.
You’ll receive a free, customizable report covering password-related risks across your environment, including weak password policies, breached passwords, and stale or inactive accounts.
Download your free auditing tool today.
How to improve password security with Argon2
If password hashes are exposed, whether through a breach of your own environment or a third-party service, the strength of users’ passwords still determines how difficult they are to recover.
Based on our testing, organizations should combine Argon2 with a password policy that includes:
- A minimum password length of at least 15 characters.
- Support for long passphrases, rather than encouraging shorter, complex passwords that are harder for users to remember.
- A mix of character classes, optimally using uppercase letters, lowercase letters, numbers, and special characters.
- A custom blocked password dictionary containing organization-specific terms such as company names, product names, and other publicly available keywords that attackers could use to build targeted wordlists. Tools such as CeWL can help identify terms from public-facing websites that should be added to this blocklist.
- Protection against compromised passwords, preventing users from choosing passwords that have already appeared in known data breaches.
- Implement Specops Breached Password Protection.
Argon2 dramatically reduces the advantage attackers gain from powerful, readily available hardware. Combined with strong password policies and breached password protection, it also makes recovering usable passwords significantly more expensive and less likely to succeed.
Continuously block compromised passwords
Argon2 reinforces that even strong password hashing does not replace good password hygiene. Users still need unique passwords, and organizations still need visibility into Active Directory risks.
Specops Password Auditor gives organizations a practical starting point by identifying password risks across your Active Directory, but it is only a snapshot.
With Specops Password Policy and Breached Password Protection, organizations can continuously protect against more than 6 billion known compromised passwords. The service is updated daily using our research team’s attack monitoring data collection systems, including passwords found in breach lists on the dark web and other sources.
Breached Password Protection continuously scans Active Directory for compromised passwords and can alert end users with customizable messaging, helping teams reduce risk without creating unnecessary service desk tickets.
If you’re interested in seeing how Specops can support your identity security strategy, contact us today or book a demo to see our solutions in action.
Last updated on July 16, 2026

