Argon2 Hash (Argon2i, Argon2d, Argon2id) Regex for Python

What this pattern does

This page provides a comprehensive, battle-tested regular expression for matching argon2 hash (argon2i, argon2d, argon2id), ported and verified for Python. In security-sensitive code, using an unverified regex can open the door to both false positives and denial-of-service attacks. The snippet below is ready to drop into your Python project — whether you're validating in a Django view, a FastAPI endpoint, or a standalone data processing script.

Python Implementation

# Argon2 Hash (Argon2i, Argon2d, Argon2id)
# ReDoS-safe | RegexVault — Security > Password Formats

import re

argon2_hash_argon2i_argon2d_argon2id_pattern = re.compile(r'^\$(argon2(?:i|d|id))\$v=19\$m=([0-9]+),t=([0-9]+),p=([0-9]+)(?:,keyid=[A-Za-z0-9+/]{0,11}(?:=*))?(?:,data=[A-Za-z0-9+/]{0,43}(?:=*))?\$([A-Za-z0-9+/]{11,64}(?:={0,2}))\$([A-Za-z0-9+/]{16,86}(?:={0,2}))$')

def validate_argon2_hash_argon2i_argon2d_argon2id(value: str) -> bool:
    return bool(argon2_hash_argon2i_argon2d_argon2id_pattern.fullmatch(value))

# Example
print(validate_argon2_hash_argon2i_argon2d_argon2id("$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG"))  # True

Test Cases

When to use this pattern

This pattern is drawn from the Security > Password Formats category and carries a ReDoS-safe certification. That matters for Python developers because particularly important in Python web servers where CPU-bound regex operations can stall concurrent request handling. RegexVault audits patterns against known backtracking attack vectors, ensuring you have the necessary context before using this regex in a high-stakes production environment.

Common Pitfalls

Technical Notes

Argon2id is the recommended variant (memory-hard + side-channel resistant). Parameters: m=memory in KiB, t=time iterations, p=parallelism. OWASP recommends argon2id with m=19456 (19 MiB), t=2, p=1 as minimum. v=19 is the current version.