SHA-256 vs bcrypt vs Argon2 - Complete Hashing Algorithm Comparison for Developers
Learn why you shouldn't use SHA-256 for password storage, the differences between bcrypt and Argon2, and the recommended hashing strategy for 2026.
Toolypet Team
Development Team
SHA-256 vs bcrypt vs Argon2: When Should You Use What?
"If I hash passwords with SHA-256 and store them, it should be secure, right?"
Many developers ask this question. The conclusion is: you should not use SHA-256 for passwords.
This guide explains the differences between hashing algorithms and the correct choice for each situation.
Hashing vs Encryption: Basic Concepts
Hashing
Input → Hash Function → Fixed-length Output (irreversible)
"password" → SHA-256 → "5e884898da28047d..."
- One-way: Cannot recover original
- Deterministic: Same input = Same output
- Fixed length: Output size independent of input size
Encryption
Input + Key → Encryption → Ciphertext → Decryption + Key → Original
"password" + key → AES → "Xyz..." → AES + key → "password"
- Two-way: Original recoverable with key
- Key-dependent: Cannot decrypt without key
Use hashing for password storage. You don't need the original - just compare input value with hash.
Hashing Algorithm Classification
Fast Hash
| Algorithm | Output Length | Speed | Use Case |
|---|---|---|---|
| MD5 | 128 bits | Very fast | ❌ Do not use for security |
| SHA-1 | 160 bits | Fast | ❌ Do not use for security |
| SHA-256 | 256 bits | Fast | File integrity, digital signatures |
| SHA-512 | 512 bits | Fast | File integrity, blockchain |
Slow Hash (Password Hash)
| Algorithm | Features | 2026 Recommendation |
|---|---|---|
| bcrypt | Adjustable time (cost) | ✅ |
| scrypt | Memory-intensive | ✅ |
| Argon2 | Latest, OWASP #1 | ✅✅ |
| PBKDF2 | High compatibility | ⚠️ Legacy |
Why Shouldn't You Store Passwords with SHA-256?
Reason 1: Too Fast
SHA-256 is designed for speed. This is an advantage for file integrity checks, but a fatal flaw for password storage.
Modern GPU performance:
- MD5: 180 billion hashes/sec
- SHA-256: 10 billion hashes/sec
- bcrypt (cost 12): 1,000 hashes/sec
Even an 8-character complex password can be cracked in minutes when stored with SHA-256.
Reason 2: Manual Salt Management Required
# ❌ Wrong approach
hash = sha256(password)
# Problem: Vulnerable to Rainbow Table attacks
# ⚠️ Improved but still insufficient
salt = generate_random_salt()
hash = sha256(salt + password)
# Problem: Still too fast
Reason 3: GPU Acceleration Vulnerability
SHA-256 is easily parallelized on GPUs. Attackers can calculate hashes at tremendous speed with just a few gaming GPUs.
bcrypt: 27 Years of Proven Standard
How It Works
bcrypt(cost, salt, password) → hash
cost: Number of computation iterations (2^cost)
salt: 22-character random string (auto-generated)
Why Is bcrypt Safe?
- Intentionally slow: Speed controlled by cost factor
- Automatic salt: Different hash every time
- Memory-intensive: Difficult to GPU accelerate
Cost Factor Guide (2026)
| Cost | Hash Time | Recommended Use |
|---|---|---|
| 10 | ~100ms | Development/testing |
| 12 | ~250ms | General web apps (recommended) |
| 13-14 | ~500ms | High security requirements |
| 15+ | 1sec+ | Special purposes |
Code Examples
// Node.js with bcrypt
const bcrypt = require('bcrypt');
// Hashing (signup)
const hash = await bcrypt.hash(password, 12); // cost 12
// Verification (login)
const isValid = await bcrypt.compare(inputPassword, storedHash);
# Python with bcrypt
import bcrypt
# Hashing
hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt(rounds=12))
# Verification
is_valid = bcrypt.checkpw(input_password.encode(), stored_hash)
Argon2: The Next-Generation Standard
What Is Argon2?
Winner of the 2015 Password Hashing Competition. It's the #1 recommended algorithm by OWASP for 2026.
Argon2 Variants
| Variant | Features | Recommendation |
|---|---|---|
| Argon2d | GPU attack resistant | Side-channel vulnerable |
| Argon2i | Side-channel resistant | GPU attack vulnerable |
| Argon2id | d + i hybrid | ✅ Recommended |
Argon2 Parameters
Argon2id(memory, iterations, parallelism, password, salt)
- memory: Memory usage (KB)
- iterations: Number of iterations
- parallelism: Number of parallel threads
OWASP Recommended Settings (2026)
Minimum settings:
- memory: 64MB (65536 KB)
- iterations: 3
- parallelism: 4
High security:
- memory: 256MB
- iterations: 4
- parallelism: 8
Code Examples
// Node.js with argon2
const argon2 = require('argon2');
// Hashing
const hash = await argon2.hash(password, {
type: argon2.argon2id,
memoryCost: 65536, // 64MB
timeCost: 3,
parallelism: 4
});
// Verification
const isValid = await argon2.verify(storedHash, inputPassword);
# Python with argon2-cffi
from argon2 import PasswordHasher
ph = PasswordHasher(
memory_cost=65536,
time_cost=3,
parallelism=4
)
# Hashing
hash = ph.hash(password)
# Verification
try:
ph.verify(stored_hash, input_password)
except VerifyMismatchError:
# Password mismatch
bcrypt vs Argon2: Which to Choose?
Comparison Table
| Item | bcrypt | Argon2id |
|---|---|---|
| Age | 1999 (27 years) | 2015 (11 years) |
| Validation | 27 years field-proven | Academically validated |
| Memory tuning | ❌ | ✅ |
| GPU resistance | ⚠️ Medium | ✅ Strong |
| Libraries | All languages | Most languages |
| OWASP ranking | #2 | #1 |
Selection Guide
Choose bcrypt:
- Legacy system compatibility needed
- Proven stability preferred
- Simple configuration preferred
Choose Argon2id:
- Starting new project
- Following latest security standards
- High GPU resistance needed
2026 Recommendation Order (OWASP)
#1: Argon2id
#2: bcrypt
#3: scrypt
#4: PBKDF2 (when compatibility needed)
When to Use SHA-256
SHA-256 is perfect for purposes other than passwords.
Suitable Use Cases
| Use Case | Example |
|---|---|
| File integrity | Download verification, backup confirmation |
| Digital signatures | JWT, certificates |
| Blockchain | Bitcoin mining |
| Checksums | Data transmission verification |
| Hash tables | (with HMAC) API key storage |
Code Example
// File hash (Node.js)
const crypto = require('crypto');
const fs = require('fs');
const fileBuffer = fs.readFileSync('file.zip');
const hash = crypto.createHash('sha256').update(fileBuffer).digest('hex');
console.log(hash); // "a1b2c3d4..."
Practical Implementation Checklist
Password Storage
- Use Argon2id or bcrypt
- Set appropriate work factor (250-500ms)
- Use library auto salt generation
- Store complete hash result (including salt)
Password Verification
- Use timing-attack-safe comparison functions
- Consistent response time on verification failure
- Limit failed login attempts
Migration
- Gradual upgrade to new hash
- Re-hash with new algorithm on successful login
- Use prefix to identify old hashes
FAQ
Q1: How do I handle existing passwords stored with MD5?
A: Re-hash with the new algorithm when users log in.
// On successful login
if (hash.startsWith('$md5$')) {
// Re-hash with bcrypt
const newHash = await bcrypt.hash(inputPassword, 12);
await updateUserHash(userId, newHash);
}
Q2: Isn't bcrypt's 72-byte limit a problem?
A: Most passwords are within 72 bytes. For longer inputs, hash with SHA-256 first, then apply bcrypt.
// Handling long passwords
const prehash = crypto.createHash('sha256').update(password).digest('base64');
const finalHash = await bcrypt.hash(prehash, 12);
Q3: Doesn't a high cost factor make you vulnerable to DoS attacks?
A: Yes. Implement rate limiting on login requests. 250-500ms is the appropriate balance.
Q4: Is pepper necessary?
A: Pepper (application-level secret key) provides additional security but isn't required. Salt alone is sufficient.
Q5: Can I use online hash tools?
A: Use only for learning/testing purposes. In production, hashing must be done server-side. The Hash Generator is safe as it processes 100% client-side.
Conclusion
| Use Case | Recommended Algorithm |
|---|---|
| Password storage | Argon2id > bcrypt |
| File integrity | SHA-256 |
| Digital signatures | SHA-256 / SHA-512 |
| Legacy compatibility | bcrypt / PBKDF2 |
Key Principles:
- Never use fast hashes (SHA-256, MD5) for passwords
- bcrypt cost 12+, Argon2 memory 64MB+
- Use library-provided auto salt generation
Related Tools
| Tool | Purpose |
|---|---|
| Hash Generator | Generate SHA-256, bcrypt hashes |
| Password Generator | Generate strong passwords |
About the Author
Toolypet Team
Development Team
The Toolypet Team creates free, privacy-focused web tools for developers and designers. All tools run entirely in your browser with no data sent to servers.