Skip to Content

Why pick bcrypt over Argon2id (or vice versa)?

Category: Security & Compliance

Answer

Bcrypt is the conservative default: battle-tested, well-audited, available in every language. Argon2id is newer, more parameterizable (memory cost, parallelism), and theoretically stronger against GPU attacks. If your team is comfortable tuning Argon2id’s t/m/p parameters and your stack supports it, prefer Argon2id. Otherwise bcrypt at cost=12 is fine.

Concrete examples from the fca project context

Example 1

passlib[bcrypt] with rounds=12 takes ~250 ms per hash — slow enough to deter brute force.

Example 2

Argon2id: t=3 iterations, m=64 MiB memory, p=1 parallelism; tweak for your threat model.

Example 3

Migration: hash new passwords with the new algo; re-hash on next login for old ones.

Data flow / flow chart

cleartext -> bcrypt/argon2id -> store hash
  (next login verifies; old hash migrates on success)

Takeaway

Pick what you can tune correctly. bcrypt cost=12 is the safe default; Argon2id if you’ll watch the params.