JEP draft: Argon2 Password Hashing Algorithms
| Type | Feature |
| Scope | SE |
| Status | Draft |
| Release | 27 |
| Component | security-libs |
| Created | 2026/02/03 15:26 |
| Updated | 2026/02/04 15:15 |
| Issue | 8377081 |
Summary
Enhance the security of Java applications by adding support for the Argon2 memory-hard function, for use in password hashing and proof-of-work applications.
Motivation
Memory-hard functions (MHFs) are cryptographic functions designed to require a significant, irreducible amount of RAM to compute efficiently. Their primary purpose is to level the playing field between standard CPUs and specialized hardware like ASICs or FPGAs. In password hashing, attackers use custom hardware to test millions of guesses per second. Standard hashes (like SHA-256) are "compute-bound," meaning they only require processing power, which ASICs have in abundance. MHFs force the hardware to constantly read/write to memory, which is physically expensive and slow to scale on a custom chip, making large-scale attacks prohibitively costly.
Description
Argon2 is the winner of the 2015 Password Hashing Competition. The Argon2 function uses a large, fixed-size memory region (often called the 'memory array' in documentation) to make brute-force attacks computationally expensive. The three variants differ in how they access this memory:
- Argon2d accesses the memory array in a password-dependent order, which reduces the possibility of time–memory trade-off (TMTO) attacks, but introduces possible side-channel attacks.
- Argon2i is optimized to resist side-channel attacks. It accesses the memory array in a password-independent order.
- Argon2id is a hybrid version. It follows the Argon2i approach for the first half pass over memory and the Argon2d approach for subsequent passes. RFC 9106 recommends using Argon2id if one does not know the difference between the types or if side-channel attacks are considered to be a viable threat.
The goal of this JEP is to support all 3 variants.
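The access-order difference between the three variants, as a toy Java model added here as an example (it is not code from the JEP or the JDK): SHA-256 stands in for Argon2's compression function, the memory array is 16 small blocks, and the class, enum and method names are hypothetical. It records which earlier block each step reads, for two constructed passwords, and reports how long the two read sequences stay identical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

// Toy model only: SHA-256 replaces Argon2's compression function and the sizes
// are tiny. It models the ORDER of memory reads, not Argon2's actual output.
public class AccessOrderDemo {
    enum Mode { D, I, ID }
    static final int BLOCKS = 16, PASSES = 2;

    static byte[] sha256(byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }

    // Returns the sequence of reference-block indices read while filling memory.
    static int[] trace(Mode mode, String password) throws Exception {
        byte[][] mem = new byte[BLOCKS][];
        int[] refs = new int[PASSES * BLOCKS - 1];
        mem[0] = sha256(password.getBytes(StandardCharsets.UTF_8));
        int n = 0;
        for (int pass = 0; pass < PASSES; pass++) {
            for (int i = (pass == 0 ? 1 : 0); i < BLOCKS; i++) {
                byte[] prev = mem[(i + BLOCKS - 1) % BLOCKS];
                // Hybrid: password-independent only in the first half of the first pass.
                boolean independent = mode == Mode.I
                        || (mode == Mode.ID && pass == 0 && i < BLOCKS / 2);
                // Independent: index derived from public counters only.
                // Dependent: index derived from the previous block, hence from the password.
                byte[] seed = independent ? sha256(new byte[] {(byte) pass, (byte) i}) : prev;
                int limit = (pass == 0) ? i : BLOCKS; // first pass: only blocks already written
                int j = (((seed[0] & 0xff) << 8) | (seed[1] & 0xff)) % limit;
                refs[n++] = j;
                mem[i] = sha256(prev, mem[j]);
            }
        }
        return refs;
    }

    public static void main(String[] args) throws Exception {
        for (Mode m : Mode.values()) {
            int[] a = trace(m, "correct horse"), b = trace(m, "hunter2"); // constructed inputs
            int same = 0;
            while (same < a.length && a[same] == b[same]) same++;
            System.out.printf("%-2s identical prefix: %2d of %d  %s%n", m, same, a.length, Arrays.toString(a));
        }
    }
}
```

In this model the I traces are identical for every password, so the read addresses reveal nothing about it, while the D traces diverge as soon as a block index depends on block contents. The ID traces agree for the password-independent half of the first pass and diverge after it.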
Alternatives
- scrypt: Legacy Systems/Crypto. The first widely adopted MHF.
- bcrypt: Web Apps. Memory-hard relative to its time, but less effective against modern GPUs than Argon2.
- Ethash: Ethereum (PoW). Used to prevent ASIC dominance in mining.