Which library is the best for encryption in phoenix?

I would like to know which library is the best for encryption in phoenix or can i just use Plug.Crypto.MessageEncryptor? I want to encrypt a password that the user send us

Thanks :slight_smile:

What and why you want to encrypt?

1 Like

i want to encrypt the password and store it in the database

There are some…

  • argon2_elixir
  • bcrypt_elixir
  • pbkdf2_elixir

You might find them on hex.pm


But cant i just use Plug.Crypto.MessageEncryptor for encrypting the password?

Those mentionned are for this task…

1 Like

why do you recommend using these libraries over Plug.Crypto.MessageEncryptor for encrypting the passwords and storing it in the database?

Because of topic’s title…

1 Like

so will you recommend using these libraries over Plug.Crypto.MessageEncryptor?

Yes, I would recommend those libraries for the requested task.

While I would use Plug.Crypto.MessageEncryptor for encrypting communication.


You don’t want passwords to be decrypted… Or else someone could maliciously do that and the passwords are leaked.

The 3 libraries mentioned are all hashing libraries. That means that the data goes in and (in theory) can never come back out again.

I might suggest using a prebuilt user login solution like pow if you are not sure what the difference is. User data is important to keep private.


All the methods listed by @kokolegorille are hashing methods that are irreversible, and they are all designed to be slow so that it’s infeasible to brute-force the original password.

  • PBKDF2 is CPU-proof (meaning you are unable to crack the original password using only some CPUs) but not GPU-proof.
  • BCrypt is both CPU-proof and GPU-proof, but may be vulnerable to quantum computers.
  • Argon2 is safe to all known brute-force and rainbow table attacking vectors.

You should never, ever, EVER encrypt passwords for storage. You always hash them with KDF like already mentioned by @kokolegorille. In exactly the same order they listed them:

  1. Argon2
  2. If above is out of question then crypt
  3. If none of the above fits the bill (or you need to be NIST certified) then you go with PBKDF2

Alternatively there are other algorithms, but as you asked this question, then I would say that you should use one of the mentioned above.


There’s an ‘official’ Phoenix auth generator that’s very nice:

I ran the Mix task for the generator on a project recently and adapted the generated code. I used Argon2 for password hashing.

comeonin – something like the standard password hashing ‘interface’ – recommends using Argon2: