SwiftArgon2: Memory-safe Swift implementation of Argon2 for secure password hashing.

The cryptographic landscape often presents a difficult trade-off: bleeding-edge performance versus guaranteed memory safety. Traditional high-performance algorithms, like Argon2, are often accessed in Swift via C wrappers or bindings (e.g., libsodium). While battle-tested, these bindings inevitably introduce the risk of C-level memory management errors—buffer overruns, use-after-free—which, while rare, undermine the fundamental promise of using a modern, memory-safe language like Swift. SwiftArgon2 addresses this architectural vulnerability head-on. By implementing Argon2 entirely in pure Swift 6, it circumvents the dreaded Foreign Function Interface (FFI) risks associated with C libraries. This commitment to purity means that the resulting codebase retains the benefits of Swift's structured memory model, making it particularly appealing for embedded or mobile client-side usage where security assurance is paramount, and the key derivation process is already designed to be computationally expensive. The inclusion of all three variants (d, i, id) ensures interoperability and flexibility, meeting the rigorous demands of the RFC 9106 standard. However, this focus on safety introduces a necessary caveat: performance. The library explicitly notes that it is typically 2-3x slower than optimized C implementations. This slowdown is not a flaw but a feature, defining the library's appropriate use case. It shifts the intended use from high-throughput server-side password verification—where a C-backed library is mandatory—to secure, isolated client-side key derivation on mobile platforms. This is a thoughtful technical limitation that clarifies the boundary of its expertise. Technically, the implementation is highly sophisticated, particularly concerning secure memory wiping. Recognizing that plain Swift assignment cannot reliably zero out sensitive memory (as the compiler might optimize the writes away), the library contains a single, necessary FFI call to functions like `memset_s` or `explicit_bzero`. This exception is tightly scoped, documented, and contained to the single, non-pure-Swift path of memory cleanup, maintaining the overall safety profile while ensuring that secrets (passwords, keys, intermediate matrices) are securely zeroed upon disposal. This balance of maximal safety and minimal, well-justified use of unsafe operations is the project's core technical achievement.