{"id":15424995,"url":"https://github.com/lhecker/argon2","last_synced_at":"2026-04-02T02:38:09.963Z","repository":{"id":57483834,"uuid":"72848197","full_name":"lhecker/argon2","owner":"lhecker","description":"Argon2 bindings for secure password hashing in Go!","archived":false,"fork":false,"pushed_at":"2018-11-30T11:43:58.000Z","size":62,"stargazers_count":18,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-19T18:53:09.473Z","etag":null,"topics":["argon","argon2","argon2-library","go","golang"],"latest_commit_sha":null,"homepage":"https://godoc.org/github.com/lhecker/argon2","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lhecker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-11-04T13:02:36.000Z","updated_at":"2023-09-18T23:41:09.000Z","dependencies_parsed_at":"2022-08-28T17:02:12.735Z","dependency_job_id":null,"html_url":"https://github.com/lhecker/argon2","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/lhecker/argon2","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lhecker%2Fargon2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lhecker%2Fargon2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lhecker%2Fargon2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lhecker%2Fargon2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lhecker","download_url":"https://codeload.github.com/lhecker/argon2/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lhecker%2Fargon2/sbom","scorecard":{"id":587176,"data":{"date":"2025-08-11","repo":{"name":"github.com/lhecker/argon2","commit":"bc08810781b2167f870be5f57c03c17443d95014"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/22 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}}]},"last_synced_at":"2025-08-20T20:51:39.683Z","repository_id":57483834,"created_at":"2025-08-20T20:51:39.683Z","updated_at":"2025-08-20T20:51:39.683Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272283331,"owners_count":24906661,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-27T02:00:09.397Z","response_time":76,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argon","argon2","argon2-library","go","golang"],"created_at":"2024-10-01T17:49:34.898Z","updated_at":"2026-04-02T02:38:09.925Z","avatar_url":"https://github.com/lhecker.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# argon2\n\n[![](https://godoc.org/github.com/lhecker/argon2?status.svg)](https://godoc.org/github.com/lhecker/argon2)\n\n~~The **fastest** _and_ **easiest** to use [Argon2](https://github.com/P-H-C/phc-winner-argon2) bindings for Go!~~\n\n## ⚠️ Notice ⚠️\n\n**In general I recommend using [`github.com/matthewhartstonge/argon2`](https://github.com/matthewhartstonge/argon2) for now**, for the reasons explained below.\u003cbr\u003e\nIt has the the _exact same_ API as this project and can be used as a drop in replacement.\n\nIf you do want to use this project please first download it on one of the actual machines you plan to deploy this project on and then run:\n```sh\nCGO_CFLAGS=\"-O3 -march=native\" go test -run=\"^$\" -bench=BenchmarkHash\n```\n\nYou can adjust the `Config` used for benchmarking [here](https://github.com/lhecker/argon2/blob/master/argon2_test.go#L17-L25).\u003cbr\u003e\nIf `BenchmarkHash` is slower or not significantly enough faster than `BenchmarkHashXCryptoArgon2` I recommend checking out the alternative project above.\n\nWhile you should actually still find that this project indeed is \"up to twice as fast\" as other projects (including those based on `golang.org/x/crypto/argon2`) on Linux and macOS on modern bare metal hardware, the primary issue is that this performance advantage cannot be reliably replicated when being used in any VMs, including those used by popular Cloud Providers.\u003cbr\u003e\nI've failed to find a good enough explaination for this performance discrepancy between bare metal and virtualized hardware within a reasonable time frame and thus recommend the library above for now.\n\n## Features\n\n- Zero dependencies\n- Easy to use API, including generation of raw and encoded hashes\n- Up to date \u0026 used in production environments\n- _Up to twice_ as fast as `golang.org/x/crypto/argon2`, allowing you to apply more secure settings while keeping the same latency\n\n## Usage\n\nSee [`examples/example.go`](https://github.com/lhecker/argon2/blob/master/examples/example.go) for a simple introduction and try it out with:\n\n```bash\ngo run examples/example.go\n```\n\n## Performance\n\nThis library makes use of AVX/SSE, depending on whether they are enabled during compilation.\nThis can be done by adding appropriate `gcc` optimization flags to the `CGO_CFLAGS` environment variable.\n\nHere's an example which you could set before running `go build` etc.:\n```bash\nexport CGO_CFLAGS=\"-O3 -march=native\"\n```\n\nIn this example `-march=native` will optimize the program for the _current_ platform you're compiling on.\nIf you're planning to deploy this library in a different environment you should replace it with a matching value listed [here](https://gcc.gnu.org/onlinedocs/gcc/x86-Options.html).\n\nThis way you can achieve a significant performance improvement.\nYou can use this performance improvement to apply stronger hash settings and thus improve security at the same cost.\n\n## Current downsides\n\nThis package uses `cgo` like all Go bindings and thus comes with all it's downsides. Among others:\n\n- `cgo` makes cross-compilation hard\n- Excessive thread spawning¹\n\n¹\nAlmost every time this library hashes something the scheduler will notice that a Goroutine is blocked in a cgo call and will spawn a new, costly, native thread.\nTo prevent this you may use my [workerpool](https://github.com/lhecker/workerpool) project to set up a worker pool like [this](https://github.com/lhecker/workerpool/blob/026271cb185e1421ed2a032d5bfad85589585703/workerpool_test.go#L68-L71).\n\n## Modifications to Argon2\n\nBased on [fba7b9a](https://github.com/P-H-C/phc-winner-argon2/tree/fba7b9a73a1bb913f49fadf6126f6e6b352d2fda).\n\n- Moved blake2 code into the root source directory and adjusted include paths to match this change.\n- Merged `ref.c` and `opt.c` into one file (`ref_opt.c`). This allows us to use the `__SSE__` precompiler flag for SSE detection instead of relying on a Makefile.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flhecker%2Fargon2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flhecker%2Fargon2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flhecker%2Fargon2/lists"}