BuildDocsReferenceGuidesBlog
Discord logo
Discord
GitHub logo
Fargon2Sync
Bun

function

crypto.argon2Sync

function argon2Sync(
algorithm: Argon2Algorithm,
parameters: Argon2Parameters
): NonSharedBuffer;

Provides a synchronous [Argon2][] implementation. Argon2 is a password-based key derivation function that is designed to be expensive computationally and memory-wise in order to make brute-force attacks unrewarding.

The nonce should be as unique as possible. It is recommended that a nonce is random and at least 16 bytes long. See NIST SP 800-132 for details.

When passing strings for message, nonce, secret or associatedData, please consider caveats when using strings as inputs to cryptographic APIs.

An exception is thrown when key derivation fails, otherwise the derived key is returned as a Buffer.

An exception is thrown when any of the input arguments specify invalid values or types.

const { argon2Sync, randomBytes } = await import('node:crypto');

const parameters = {
  message: 'password',
  nonce: randomBytes(16),
  parallelism: 4,
  tagLength: 64,
  memory: 65536,
  passes: 3,
};

const derivedKey = argon2Sync('argon2id', parameters);
console.log(derivedKey.toString('hex'));  // 'af91dad...9520f15'

Referenced types

type Argon2Algorithm = 'argon2d' | 'argon2i' | 'argon2id'

interface Argon2Parameters

  • associatedData?: string | ArrayBuffer | ArrayBufferView<ArrayBufferLike>

    OPTIONAL, Additional data to be added to the hash, functionally equivalent to salt or secret, but meant for non-random data. If used, must have a length not greater than 2**32-1 bytes.

  • memory: number

    REQUIRED, memory cost in 1KiB blocks. Must be greater than 8 * parallelism and less than 2**32-1. The actual number of blocks is rounded down to the nearest multiple of 4 * parallelism.

  • message: string | ArrayBuffer | ArrayBufferView<ArrayBufferLike>

    REQUIRED, this is the password for password hashing applications of Argon2.

  • nonce: string | ArrayBuffer | ArrayBufferView<ArrayBufferLike>

    REQUIRED, must be at least 8 bytes long. This is the salt for password hashing applications of Argon2.

  • parallelism: number

    REQUIRED, degree of parallelism determines how many computational chains (lanes) can be run. Must be greater than 1 and less than 2**24-1.

  • passes: number

    REQUIRED, number of passes (iterations). Must be greater than 1 and less than 2**32-1.

  • secret?: string | ArrayBuffer | ArrayBufferView<ArrayBufferLike>

    OPTIONAL, Random additional input, similar to the salt, that should NOT be stored with the derived key. This is known as pepper in password hashing applications. If used, must have a length not greater than 2**32-1 bytes.

  • tagLength: number

    REQUIRED, the length of the key to generate. Must be greater than 4 and less than 2**32-1.