When you create an account on a secure service, your password should never be stored in plain text. It should be transformed into a digital fingerprint (a "hash") that's impossible to reverse. This is where hashing algorithms come in β and Argon2id is the best in its class.
Why Password Hashing Is Critical
A hashed password cannot be directly converted back to the original password. Even if a database is stolen, attackers only get hashes, not actual passwords.
But not all hashing algorithms are equal. Algorithms like MD5 or SHA-1 are extremely fast β which is useful for file integrity checking, but a catastrophic flaw for passwords. A modern GPU can test billions of combinations per second with these algorithms.
What Is Argon2id?
Argon2id is a key derivation function (KDF) specifically designed to secure passwords. It won the Password Hashing Competition in 2015, an international cryptography competition that evaluated dozens of algorithms.
Its name comes from its behavior: Argon (an inert gas) reflects its opaque and resistant nature, and 2id designates a hybrid variant between Argon2i and Argon2d.
Key Characteristics of Argon2id
Configurable Memory Cost
Argon2id uses a significant amount of RAM during computation. This makes it particularly resistant to GPU and ASIC attacks, as these hardware types, optimized for parallelization, don't gain the same advantage when memory is the limiting factor.
In practice, this means a brute-force attack requires as much hardware per attempt, making massive attacks exponentially more costly.
Configurable Time Cost
In addition to memory cost, Argon2id allows defining a number of iterations. The higher the number, the longer the computation β and the harder it is to test thousands of passwords per second.
Side-Channel Attack Resistance
Argon2id combines:
- Argon2i: resistant to side-channel attacks that exploit information like power consumption or memory access patterns
- Argon2d: resistant to GPU attacks through its data-dependent memory access
This hybrid combination offers the best protection in most contexts.
How EchoPass Uses Argon2id
At EchoPass, Argon2id doesn't just securely store your password. It plays an even more critical role: deriving the encryption key.
Here's the process:
- You enter your password in your browser
- Argon2id transforms this password into a robust cryptographic key (256 bits)
- This key is used by XChaCha20-Poly1305 to encrypt your messages
- Only the encrypted text is sent to our servers β never your password, never the key
Even if an attacker intercepted network traffic or accessed our servers, they couldn't find your password or decrypt your messages.
Argon2id vs Alternatives
| Algorithm | GPU Resistance | Side-Channel Resistance | Recommended for Passwords |
|---|---|---|---|
| MD5 / SHA-1 | β Very weak | β Weak | β No |
| bcrypt | β Good | β οΈ Partial | β Acceptable |
| scrypt | β Good | β οΈ Partial | β Good |
| Argon2id | β Excellent | β Excellent | β Best choice |
Both OWASP and NIST recommend Argon2id as the first choice for password hashing.
What This Means for You
When you use EchoPass to store confidential messages and prepare your digital legacy, your security rests on a solid cryptographic chain:
- Argon2id to derive a robust key from your password
- XChaCha20-Poly1305 to encrypt your data with that key
- HTTPS/TLS 1.3 to secure transit
- Swiss hosting for maximum legal protection
This combination is why we can truthfully state that we technically cannot access your messages β even if we wanted to.
Learn more about our security architecture or create your free account.