// glossary / argon2

Argon2.

The memory-hard function that OpenPGP v6 uses to turn your passphrase into the key that encrypts your secret key. Because it deliberately consumes a lot of memory, it's far harder to attack with the GPU and ASIC farms that make older passphrase schemes cheap to crack.

// definition

Argon2 is a password-hashing and key-derivation function, winner of the 2015 Password Hashing Competition and standardized for OpenPGP use in RFC 9106. OpenPGP v6 adopts the Argon2id variant as a string-to-key (S2K) method — the step that converts a passphrase into the symmetric key protecting your private key at rest.

Why "memory-hard" matters.

Older S2K methods (iterated-and-salted SHA) are cheap to compute, which means an attacker who steals your encrypted secret key can try billions of passphrase guesses per second on commodity GPUs. Argon2 is designed to require a tunable amount of memory per guess, not just CPU time. Memory is expensive to parallelize, so it dramatically raises the cost of a brute-force attack for the same wall-clock unlock time on your device.

Argon2 has three parameters: memory cost (how much RAM each guess needs), time cost (how many passes), and parallelism. Tuning them trades unlock latency on your own device against attacker cost.

// in PGPony When you generate or protect an OpenPGP v6 secret key with a passphrase, PGPony uses Argon2id as the S2K. (v4 keys continue to use iterated-and-salted S2K for compatibility.) Argon2's parameters are a deliberate latency/security trade-off — PGPony's current settings favor a strong work factor, with further performance tuning on the roadmap.

Related terms

Get PGPony

Free OpenPGP encryption for iOS and Android. No accounts, no tracking.

Download on the App Store Get it on Google Play