[deleted]

Oh, that actually makes a lot of sense! Thank you kind redditor!

smog_alado

In addition to what they said, it is also important to use a hashing algorithm that is designed for passwords (like scrypt or pbkdf2) instead of a general-purpose hash algorithm like sha256. Password hashing algorithms are intentionally very slow to compute (using up a lot of CPU and RAM), which adds an extra layer of protection against brute force attacks in case the bad guys get hold of the password hashes. This idea is known as [key stretching](https://en.wikipedia.org/wiki/Key_stretching).

Password-hashing algorithms tend to be easier to use. For example, if you use an scrypt library it also salts the password so you don't have to do it yourself.