[hayleox]

My suggestion, if you really want to overkill and knock it out of the park: use both. Run it through bcrypt, then through Argon2. If something happens where one of them is deemed insecure/bad practice, you've still got the other one.

[technion]

This falls into the category of "coming up with your own system". It sounds theoretically as strong as either one, but it could end up weaker overall.

Define X as the maximum time you can allow a hash to run on your server, before it either starts to annoy users, or becomes a DoS issue. Moving from "Argon2, such that it runs for X" to "both algorithms, with a total cost X" means both of them are running with a much reduced work strength.

In the case of Argon2, there is an "iterations" counter, but t=2 is already reasonable, and on low end hardware, you may see t=1. So as per the spec, reducing runtime in order to make whole thing work is going to involve reducing m.

Except bcrypt is already not memory hard, and you've just reduced the only memory constraint in your algorithm.

And entirely possible there are bigger issues I didn't up with two minutes of thinking about it.

[sarciszewski]

If you're going to use both, pay a crypto engineer (such as one of the authors of either library) to write that for you.

Don't do it yourself.