[1][2] It was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from the University of Luxembourg.
[3] The reference implementation of Argon2 is released under a Creative Commons CC0 license (i.e. public domain) or the Apache License 2.0, and provides three related versions: All three modes allow specification by three parameters that control: While there is no public cryptanalysis applicable to Argon2d, there are two published attacks on the Argon2i function.
[9] Source:[4] Argon2 makes use of a hash function capable of producing digests up to 232 bytes long.
As of May 2023, OWASP's Password Storage Cheat Sheet recommends that people "use Argon2id with a minimum configuration of 19 MiB of memory, an iteration count of 2, and 1 degree of parallelism.
[10] OWASP further notes that the following Argon2id options provide equivalent cryptographic strength and simply trade off memory usage for compute workload:[10]