Fast Hashes Are the Wrong Tool
General-purpose hashes like SHA-256 are designed to be fast, which is exactly wrong for passwords. A fast hash lets an attacker try billions of guesses per second against stolen data. The defense is a password-based key derivation function that is built to be slow on purpose.
What a KDF Adds
A KDF such as bcrypt, scrypt, or Argon2 turns a password and a salt into a derived value while deliberately consuming time and, in some designs, memory.
- A work factor sets how many iterations run, so you tune cost as hardware improves.
- Memory hardness in scrypt and Argon2 forces large memory use, which blunts cheap parallel cracking on specialized hardware such as GPUs and ASICs.
- The same function can either derive an encryption key or produce a password verifier for storage.
You raise the cost so that a single legitimate login stays fast enough for users while a mass cracking attempt becomes prohibitively expensive.
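The work-factor idea above in working code, as an added example that is not part of the original text: scrypt from the Python standard library, with the cost parameters stored next to the salt and hash so they can be raised later and old records rehashed on the next successful login. The record layout and the PARAMS values are this example's own choices, not anything the page prescribes.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Current cost policy (constructed for this example; tune for your own hardware).
# scrypt uses roughly 128 * r * n bytes of memory: 16 MiB with these values.
PARAMS = {"n": 2**14, "r": 8, "p": 1}

def hash_password(password: str, params: dict = PARAMS, salt: Optional[bytes] = None) -> str:
    """Derive a verifier with scrypt and encode it together with its own parameters,
    so the work factor can be raised later without invalidating stored records."""
    salt = salt if salt is not None else os.urandom(16)   # fresh 128-bit salt per password
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                        n=params["n"], r=params["r"], p=params["p"], dklen=32)
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    # Layout modelled on the PHC string format: $scrypt$n=..,r=..,p=..$salt$hash
    return f"$scrypt$n={params['n']},r={params['r']},p={params['p']}${b64(salt)}${b64(dk)}"

def _parse(stored: str):
    _, algo, cost, salt_b64, dk_b64 = stored.split("$")
    if algo != "scrypt":
        raise ValueError("unsupported algorithm")
    params = {k: int(v) for k, v in (kv.split("=") for kv in cost.split(","))}
    return params, base64.b64decode(salt_b64), base64.b64decode(dk_b64)

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters stored alongside the hash; compare in constant time."""
    params, salt, expected = _parse(stored)
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                               n=params["n"], r=params["r"], p=params["p"], dklen=len(expected))
    return hmac.compare_digest(candidate, expected)

def needs_rehash(stored: str, current: dict = PARAMS) -> bool:
    """True when a stored verifier was made with a weaker work factor than today's policy.
    Call this after a successful login and rehash with the plaintext you just verified."""
    params, _, _ = _parse(stored)
    return any(params[k] < current[k] for k in ("n", "r", "p"))

if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password("correct horse battery staple", rec), verify_password("wrong", rec))
    old = hash_password("correct horse battery staple", {"n": 2**10, "r": 8, "p": 1})
    print(needs_rehash(old), needs_rehash(rec))
```

Doubling n doubles both the time and the memory per guess, which is the lever that keeps one login cheap while making a bulk attack on the whole table expensive.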
Key idea
Protect passwords with a deliberately slow and memory-hard key derivation function like Argon2, tuning the work factor so legitimate logins stay fast while bulk guessing becomes too expensive.