A specification for password hashing libraries

argon2, bcrypt, elixir, pbkdf2



Build Status Module Version Hex Docs Total Download License Last Updated Join the chat at https://gitter.im/comeonin/Lobby

Comeonin is a specification for password hashing libraries.

For information about hashing passwords in your app, see Password hashing libraries.

Changes in version 5

In version 5.0 and above, Comeonin now provides two behaviours, Comeonin and Comeonin.PasswordHash, which password hash libraries then implement.

With these changes, Comeonin is now a dependency of the password hashing library you choose to use, and in most cases, you will not use it directly.

See the UPGRADE_v5 guide for information about you can upgrade to version 5.

Password hashing libraries

The following libraries all implement the Comeonin and Comeonin.PasswordHash behaviours:

Argon2 is currently considered to be the strongest password hashing function, and it is the one we recommend.

Bcrypt and Pbkdf2 are viable alternatives, but they are less resistant than Argon2, to attacks using GPUs or dedicated hardware.

Windows users

On Windows, it can be time-consuming and problematic to setup the environment needed to compile the C code in Argon2 and Bcrypt. For this reason, it is often easier to install Pbkdf2, which has no C dependencies.

For more information, see Choosing a library.

Comeonin wiki

See the Comeonin wiki for more information on the following topics:


There are many ways you can contribute to the development of Comeonin, including:


First of all, I would like to emphasize that this software is offered free of charge. However, if you find it useful, and you would like to buy me a cup of coffee, you can do so at PayPal.


BSD. For full details, please read the LICENSE file.