The fastest and easiest to use Argon2 bindings for Go!

In general I recommend using github.com/matthewhartstonge/argon2 for now, for the reasons explained below.
It has the the exact same API as this project and can be used as a drop in replacement.

If you do want to use this project please first download it on one of the actual machines you plan to deploy this project on and then run:

CGO_CFLAGS="-O3 -march=native" go test -run="^$" -bench=BenchmarkHash

You can adjust the Config used for benchmarking here.
If BenchmarkHash is slower or not significantly enough faster than BenchmarkHashXCryptoArgon2 I recommend checking out the alternative project above.

While you should actually still find that this project indeed is "up to twice as fast" as other projects (including those based on golang.org/x/crypto/argon2) on Linux and macOS on modern bare metal hardware, the primary issue is that this performance advantage cannot be reliably replicated when being used in any VMs, including those used by popular Cloud Providers.
I've failed to find a good enough explaination for this performance discrepancy between bare metal and virtualized hardware within a reasonable time frame and thus recommend the library above for now.

• Zero dependencies
• Easy to use API, including generation of raw and encoded hashes
• Up to date & used in production environments
• Up to twice as fast as golang.org/x/crypto/argon2, allowing you to apply more secure settings while keeping the same latency

See examples/example.go for a simple introduction and try it out with:

go run examples/example.go

This library makes use of AVX/SSE, depending on whether they are enabled during compilation. This can be done by adding appropriate gcc optimization flags to the CGO_CFLAGS environment variable.

Here's an example which you could set before running go build etc.:

export CGO_CFLAGS="-O3 -march=native"

In this example -march=native will optimize the program for the current platform you're compiling on. If you're planning to deploy this library in a different environment you should replace it with a matching value listed here.

This way you can achieve a significant performance improvement. You can use this performance improvement to apply stronger hash settings and thus improve security at the same cost.

This package uses cgo like all Go bindings and thus comes with all it's downsides. Among others:

• cgo makes cross-compilation hard
• Excessive thread spawning¹

¹ Almost every time this library hashes something the scheduler will notice that a Goroutine is blocked in a cgo call and will spawn a new, costly, native thread. To prevent this you may use my workerpool project to set up a worker pool like this.

Based on fba7b9a.

• Moved blake2 code into the root source directory and adjusted include paths to match this change.
• Merged ref.c and opt.c into one file (ref_opt.c). This allows us to use the __SSE__ precompiler flag for SSE detection instead of relying on a Makefile.