Table of Contents

Free Active Directory Auditing Tool

Try it now

[New Research] Does Argon2 Mean Your Password is Uncrackable?

Table of Contents

Previous password cracking research published by Specops has looked at how long it takes attackers to brute force hashes protected with common hashing algorithms like MD5 and bcrypt. Much of that research focuses on how advances in hardware reduce the time needed to recover plaintext passwords.

But what happens when you’re using a hardened hashing algorithm such as Argon2, where the hardware doesn’t have much of an impact on the difficulty to retrieve a plaintext password? And does Argon2 mean you no longer need to worry about password complexity or blocking leaked passwords?

This research coincides with the latest addition of over 60 million compromised passwords to the Specops Breached Password Protection service. These passwords come from a combination of our honeypot network and threat intelligence sources.

What is Argon2?

Argon2 is a key derivation function (KDF) that won the Password Hashing Competition in 2015. It was designed to make brute-force attacks more computationally expensive by limiting the advantage attackers can get from GPUs and other high-performance cracking hardware.

The main strength of Argon2 is that it is memory-hard, which means it can be configured to require a set amount of memory for each password hashing attempt. This means attackers cannot simply keep adding more GPU cores and expect the same performance gains they would see against faster algorithms such as MD5 or SHA-1.

There are three variants of the algorithm:

  • Argon2d: Designed to resist GPU cracking attacks.
  • Argon2i: Designed to resist side-channel attacks.
  • Argon2id: A hybrid approach that combines elements of Argon2d and Argon2i.

For this research, we’ll focus on Argon2id. In most password hashing scenarios, Argon2id is the recommended general-purpose option because it balances resistance to GPU-based cracking with protection against side-channel attacks.

However, Argon2id isn’t necessarily the strongest possible choice for every specific threat model. If you know an implementation is especially exposed to side-channel attacks, for example, Argon2i may be more appropriate. But for most organizations, Argon2id offers the best balance of practical protection.

color meter from green to red
Are compromised passwords lurking in your AD? Audit your AD with our free tool!

Methodology

We have previously demonstrated that specialized AI accelerators such as Nvidia’s H200 do not provide a significant advantage for password cracking workloads. Rather than requiring large amounts of GPU memory, password cracking performance is primarily determined by hashrate, the number of hash calculations a system can perform each second.

With that in mind, we used Nvidia’s RTX 5090 as our reference GPU, as it represents the high-end consumer hardware an attacker typically uses today. Our setup used eight RTX 5090s; cloud providers currently rent comparable hardware for around $5 per hour, making it a practical benchmark for estimating the cost of offline password cracking.

Because Argon2 is specifically designed to reduce the performance advantage of powerful GPUs, we also ran the same tests on a single AMD EPYC server CPU.

Argon2 password cracking times

8x RTX5090 cracking rig:

Number of Characters Numbers Only Lowercase Only Upper and Lower Number, Upper, Lower Number, Upper, Lower, Symbols
4 20.41 sec 15.54 min 4.14 hr 8.38 hr 1.92 days
5 3.40 min 6.74 hr 8.98 days 21.64 days 182.77 days
6 34.01 min 7.30 days 1.28 years 3.67 years 47.54 years
7 5.67 hr 189.72 days 66.48 years 227.74 years 4,516 years
8 2.36 days 13.50 years 3,457 years 14,120 years 429,000 years
9 23.62 days 351.12 years 179,800 years 875,400 years 40.76 million years
10 236.21 days 9,129 years 9.35 million years 54.28 million years 3.87 billion years
11 6.47 years 237,400 years 486.1 million years 3.37 billion years 367.8 billion years
12 64.67 years 6.17 million years 25.28 billion years 208.6 billion years 34.94 trillion years
13 646.70 years 160.5 million years 1.31 trillion years 12.94 trillion years 3.32 quadrillion years
14 6,467 years 4.17 billion years 68.35 trillion years 802 trillion years 315.4 quadrillion years
15 64,670 years 108.5 billion years 3.55 quadrillion years 49.73 quadrillion years 29.96 quintillion years
16 646,700 years 2.82 trillion years 184.8 quadrillion years 3.08 quintillion years 2.85 sextillion years
17 6.47 million years 73.32 trillion years 9.61 quintillion years 191.1 quintillion years 270.4 sextillion years
18 64.67 million years 1.91 quadrillion years 499.8 quintillion years 11.85 sextillion years 25.69 septillion years
19 646.7 million years 49.57 quadrillion years 25.99 sextillion years 734.8 sextillion years 2.44 octillion years
20 6.47 billion years 1.29 quintillion years 1.35 septillion years 45.55 septillion years 231.8 octillion years
21 64.67 billion years 33.51 quintillion years 70.27 septillion years 2.82 octillion years 22.02 nonillion years
22 646.7 billion years 871.2 quintillion years 3.65 octillion years 175.1 octillion years 2.09 decillion years

1xEPYC 9B14 cracking rig:

Number of Characters Numbers Only Lowercase Only Upper and Lower Number, Upper, Lower Number, Upper, Lower, Symbols
4 13.70 sec 10.43 min 2.78 hr 5.62 hr 1.29 days
5 2.28 min 4.52 hr 6.03 days 14.53 days 122.68 days
6 22.83 min 4.90 days 313.46 days 2.47 years 31.91 years
7 3.81 hr 127.34 days 44.63 years 152.87 years 3,031 years
8 1.59 days 9.06 years 2,321 years 9,478 years 288,000 years
9 15.85 days 235.69 years 120,700 years 587,600 years 27.36 million years
10 158.55 days 6,128 years 6.28 million years 36.43 million years 2.60 billion years
11 4.34 years 159,300 years 326.3 million years 2.26 billion years 246.9 billion years
12 43.41 years 4.14 million years 16.97 billion years 140 billion years 23.46 trillion years
13 434.08 years 107.7 million years 882.3 billion years 8.68 trillion years 2.23 quadrillion years
14 4,341 years 2.80 billion years 45.88 trillion years 538.3 trillion years 211.7 quadrillion years
15 43,410 years 72.81 billion years 2.39 quadrillion years 33.38 quadrillion years 20.11 quintillion years
16 434,100 years 1.89 trillion years 124.1 quadrillion years 2.07 quintillion years 1.91 sextillion years
17 4.34 million years 49.22 trillion years 6.45 quintillion years 128.3 quintillion years 181.5 sextillion years
18 43.41 million years 1.28 quadrillion years 335.5 quintillion years 7.96 sextillion years 17.24 septillion years
19 434.1 million years 33.27 quadrillion years 17.44 sextillion years 493.2 sextillion years 1.64 octillion years
20 4.34 billion years 865 quadrillion years 907.1 sextillion years 30.58 septillion years 155.6 octillion years
21 43.41 billion years 22.49 quintillion years 47.17 septillion years 1.90 octillion years 14.78 nonillion years
22 434.1 billion years 584.8 quintillion years 2.45 octillion years 117.5 octillion years 1.40 decillion years

High-end hardware continues to become more available, and that has a noticeable impact even on hardened password hashing algorithms such as bcrypt. In our previous research, we compared cracking performance on the RTX 4090 and its successor, the RTX 5090, and found that the newer GPU was approximately 65% faster at cracking bcrypt hashes.

However, that performance simply doesn’t translate to Argon2. As mentioned, it is designed to neutralize the GPU power provided by the RTX 5090. We can see this in the difference in cracking times between Argon2 and less resistant algorithms like SHA256.

Argon2 vs SHA256 cracking times

In our testing, Argon2 achieved a hashrate of just 490 H/s, compared to 221 GH/s for SHA256. Put another way, Argon2 was approximately 451 million times slower to crack than SHA256 on the same hardware. For example, a password that takes one second to crack when hashed with SHA256 would take over 14 years when hashed with Argon2. 

Number of Characters Numbers Only Lowercase Only Upper and Lower Number, Upper, Lower Number, Upper, Lower, Symbols
4 Instantly Instantly Instantly Instantly Instantly
5 Instantly Instantly Instantly Instantly Instantly
6 Instantly Instantly Instantly Instantly 3.33 sec
7 Instantly Instantly 4.65 sec 15.93 sec 5.27 min
8 Instantly Instantly 4.03 min 16.47 min 8.34 hr
9 Instantly 24.57 sec 3.49 hr 17.01 hr 33.01 days
10 Instantly 10.65 min 7.57 days 43.96 days 8.58 years
11 Instantly 4.61 hr 1.08 years 7.46 years 815.57 years
12 4.52 sec 5.00 days 56.05 years 462.60 years 77,480 years
13 45.25 sec 129.94 days 2,914 years 28,680 years 7.36 million years
14 7.54 min 9.25 years 151,500 years 1.78 million years 699.3 million years
15 1.26 hr 240.49 years 7.88 million years 110.3 million years 66.43 billion years
16 12.57 hr 6,253 years 409.8 million years 6.84 billion years 6.31 trillion years
17 5.24 days 162,600 years 21.31 billion years 423.8 billion years 599.5 trillion years
18 52.37 days 4.23 million years 1.11 trillion years 26.28 trillion years 56.95 quadrillion years
19 1.43 years 109.9 million years 57.62 trillion years 1.63 quadrillion years 5.41 quintillion years
20 14.34 years 2.86 billion years 3.00 quadrillion years 101 quadrillion years 514 quintillion years
21 143.39 years 74.29 billion years 155.8 quadrillion years 6.26 quintillion years 48.83 sextillion years
22 1,434 years 1.93 trillion years 8.10 quintillion years 388.3 quintillion years 4.64 septillion years

Time-to-crack estimates are still useful when comparing hashing algorithms. They give us a baseline for understanding how hardware improvements affect password recovery, even if real attackers rarely rely on pure brute force alone.

However, the data shows that a well-configured Argon2 implementation means brute forcing quickly stops being a meaningful benchmark. In practical terms, recovering a strong, randomly generated password this way becomes effectively unrealistic barring finding an undiscovered weakness in the implementation, or quantum computation delivering a breakthrough in cryptanalysis.

Is Argon2 uncrackable?

Ultimately, Argon2id makes password cracking much harder, but “harder” is not the same as “impossible.”

Attackers and security researchers are highly effective at building wordlists, rulesets, and tools that improve their chances of recovering passwords from even well-protected hashes. Real-world cracking doesn’t usually mean trying every possible combination. Success means making better guesses, faster.

One solution we’ve discussed in recent research is using tools that aren’t GPUs and Hashcat. mdxfind is quickly gaining prominence as it improves performance against resistant and obscure algorithms.

For instance, in our testing, an 8x RTX 5090 rig achieved around 490 H/s against Argon2id. By comparison, mdxfind reached up to 730 H/s on a single AMD EPYC server CPU. While an RTX 5090 GPU can cost more than $5000, the EPYC 9B14 CPU in question can be had for as little as $2100. The right attacker, equipped with the right hardware, can still crack some of the hashes.

Hashcat attempting to brute force Argon2

Hashcat attempting to brute force Argon2id

mdxfind cracking Argon2

mdxfind cracking Argon2id

Does Argon2 prevent password compromise?

Argon2 makes brute forcing significantly harder, but it does not make password-based attacks disappear. Even with a strong hashing algorithm, organizations still need to account for two common attack paths:

  • Compromised passwords: If an attacker already has a user’s password from a previous breach, phishing attack, or infostealer infection, they do not need to crack the hash. The account should be treated as compromised regardless of the hashing algorithm used.
  • Targeted password cracking: Attackers use a variety of techniques to make more educated guesses. Argon2 makes each guess more expensive, but weak or predictable passwords can still be recovered.

This is why Argon2 should be viewed as one part of a wider password security strategy. It raises the cost of offline cracking, but it does not solve password reuse, phishing, failed multi-factor authentication, or the use of already-compromised credentials.

Number of characters Numbers Only Lowercase Only Upper and Lower Number, Upper, Lower Number, Upper, Lower, Symbols
4 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
5 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
6 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
7 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
8 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
9 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
10 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
11 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
12 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
13 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
14 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
15 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
16 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
17 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
18 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
19 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
20 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
21 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly
22 Instant­ly Instant­ly Instant­ly Instant­ly Instant­ly

Find weak and compromised passwords in your Active Directory

This month’s update to the Breached Password Protection service also adds more than 5.59 million compromised passwords to the express blocklist used by Specops Password Auditor.

With a read-only Active Directory scan, Specops Password Auditor shows how many of your end-user passwords are weak, reused, or already known to attackers.

You’ll receive a free, customizable report covering password-related risks across your environment, including weak password policies, breached passwords, and stale or inactive accounts.

Download your free auditing tool today.

How to improve password security with Argon2

If password hashes are exposed, whether through a breach of your own environment or a third-party service, the strength of users’ passwords still determines how difficult they are to recover.

Based on our testing, organizations should combine Argon2 with a password policy that includes:

  • A minimum password length of at least 15 characters.
  • Support for long passphrases, rather than encouraging shorter, complex passwords that are harder for users to remember.
  • A mix of character classes, optimally using uppercase letters, lowercase letters, numbers, and special characters.
  • A custom blocked password dictionary containing organization-specific terms such as company names, product names, and other publicly available keywords that attackers could use to build targeted wordlists. Tools such as CeWL can help identify terms from public-facing websites that should be added to this blocklist.
  • Protection against compromised passwords, preventing users from choosing passwords that have already appeared in known data breaches.
  • Implement Specops Breached Password Protection.

Argon2 dramatically reduces the advantage attackers gain from powerful, readily available hardware. Combined with strong password policies and breached password protection, it also makes recovering usable passwords significantly more expensive and less likely to succeed.

Continuously block compromised passwords

Argon2 reinforces that even strong password hashing does not replace good password hygiene. Users still need unique passwords, and organizations still need visibility into Active Directory risks.

Specops Password Auditor gives organizations a practical starting point by identifying password risks across your Active Directory, but it is only a snapshot.

With Specops Password Policy and Breached Password Protection, organizations can continuously protect against more than 6 billion known compromised passwords. The service is updated daily using our research team’s attack monitoring data collection systems, including passwords found in breach lists on the dark web and other sources.

Breached Password Protection continuously scans Active Directory for compromised passwords and can alert end users with customizable messaging, helping teams reduce risk without creating unnecessary service desk tickets.

If you’re interested in seeing how Specops can support your identity security strategy, contact us today or book a demo to see our solutions in action.

Last updated on July 16, 2026

David Ketler

Written by

David Ketler

David Ketler is a cybersecurity consultant based in Toronto, Canada with 10+ years of experience in software development and cybersecurity. He writes about password cracking, dark web activity, and password management.

Back to Blog

Related Articles


Free Active Directory Auditing Tool!