You must ofc 'salt' users passwords ahead of hashing them to avoid being able to Recuperate the original password from the hash. $endgroup$ It should be CPU-large to make brute drive assaults more difficult/unattainable, just in case your database would be leaked. Hash tables are a