What Is Password Hashing?
Password hashing is a one-way cryptographic function that converts your password into a fixed-length string of characters called a hash. Unlike encryption, hashing cannot be reversed—there's no mathematical way to recover the original password from its hash.
When you create an account, the website doesn't store your actual password. Instead, it runs your password through a hash function and stores only the resulting hash. When you log in later, the site hashes your entered password and compares it to the stored hash. If they match, you're authenticated.
Hashing vs Encryption: Critical Differences
While both hashing and encryption protect data, they serve fundamentally different purposes and have distinct characteristics. Understanding this difference is crucial for proper security implementation.
| Aspect | Hashing | Encryption |
|---|---|---|
| Reversibility | One-way only (irreversible) | Two-way (reversible with key) |
| Output Length | Fixed length regardless of input | Variable length based on input |
| Purpose | Verify integrity, store passwords | Protect data confidentiality |
| Key Required | No key needed | Requires encryption/decryption key |
| Best For | Password storage, data verification | Data transmission, secure storage |
Why Passwords Must Be Hashed, Not Encrypted
Encryption requires a decryption key to retrieve the original data. If an attacker gains access to both the encrypted passwords and the decryption key, every password is immediately compromised. With password hashing, even if an attacker steals the entire database of hashes, they cannot directly reverse them to obtain passwords.
This is why proper password hashing uses specialized algorithms designed to be intentionally slow and computationally expensive, making brute force attacks impractical even with modern computing power.
How Password Hashing Works
A cryptographic hash function takes input data of any size and produces a fixed-size output through a series of complex mathematical operations. For password hashing, the process involves several critical steps:
The Hashing Process
- Input Processing: The password is converted to a binary format that the hash function can process
- Salt Generation: A random value (salt) is generated and combined with the password
- Iterative Hashing: The combined password and salt are processed through multiple rounds of hashing
- Output Formatting: The final hash is formatted with algorithm identifier, cost factor, salt, and hash value
Essential Properties of Hash Functions
Secure password hash functions must exhibit specific properties to effectively protect against attacks:
- Deterministic: The same input always produces the same output
- One-way: Computing the hash is easy; reversing it is computationally infeasible
- Avalanche Effect: Small input changes produce drastically different outputs
- Collision Resistant: Finding two inputs that produce the same hash is extremely difficult
- Computationally Intensive: Deliberately slow to prevent rapid brute force attacks
Password Salting: Adding Cryptographic Randomness
A salt is a random value added to each password before hashing. This seemingly simple addition provides critical protection against several sophisticated attack methods, particularly rainbow table attacks and parallel cracking attempts.
How Salting Works
When you create a password, the system generates a unique random salt for that specific password. This salt is combined with your password before hashing. The salt is then stored alongside the hash—this might seem counterintuitive, but it's not a security weakness because the salt's purpose isn't secrecy.
Why Salts Are Essential
Without salts, identical passwords produce identical hashes. An attacker who compromises a database could identify all users with the same password immediately. Worse, they could use precomputed rainbow tables—massive databases of password-hash pairs—to crack passwords almost instantly.
With unique salts, even users with identical passwords have completely different hashes. This forces attackers to compute hashes individually for each account, making attacks exponentially more time-consuming and resource-intensive. Our guide on cryptographic randomness explains how secure salts are generated.
Modern Password Hash Algorithms
Not all hash functions are suitable for password storage. Modern password hashing requires specialized algorithms designed specifically to resist attacks. Here are the current industry-standard algorithms:
Argon2 (Recommended)
Argon2 won the Password Hashing Competition in 2015 and is currently the gold standard for password hashing. It offers three variants—Argon2d, Argon2i, and Argon2id—with Argon2id recommended for password hashing as it provides balanced protection against both side-channel and GPU-based attacks.
Key Features: Memory-hard algorithm that requires significant RAM to compute, making it highly resistant to GPU and ASIC attacks. Configurable memory usage, iteration count, and parallelism allow fine-tuning for specific security requirements.
bcrypt (Widely Used)
Based on the Blowfish cipher, bcrypt has been the industry workhorse for over two decades. It includes built-in salting and uses a configurable cost factor that allows you to increase computational requirements as hardware improves.
Key Features: Adaptive function with adjustable work factor (currently recommended at cost factor 12-13, which equals 2^12 to 2^13 rounds for 2026 security standards). Well-tested with extensive library support across programming languages. Limited to 72-byte passwords (note: bytes, not characters - important for multi-byte UTF-8 characters), which is generally sufficient for most use cases.
scrypt (Memory-Intensive)
Designed specifically to make brute-force attacks expensive by requiring large amounts of memory. scrypt is particularly effective against attackers using custom hardware like GPUs or ASICs.
Key Features: Tunable memory and CPU requirements. Highly resistant to hardware attacks. More complex to configure properly compared to bcrypt.
PBKDF2 (Legacy Standard)
While still acceptable for legacy systems, PBKDF2 is generally not recommended for new implementations. It's less resistant to GPU-based attacks compared to bcrypt, scrypt, or Argon2.
Key Features: NIST-approved and FIPS-compliant. Requires very high iteration counts (100,000+) to provide adequate security. Lacks memory-hardness, making it vulnerable to parallel GPU attacks.
| Algorithm | Year | Recommendation | Primary Defense |
|---|---|---|---|
| Argon2id | 2015 | Best choice | Memory-hard, GPU-resistant |
| bcrypt | 1999 | Excellent (WF 12-13+ for 2026) | Adaptive cost, time-tested |
| scrypt | 2009 | Good | Memory-hard |
| PBKDF2 | 2000 | Legacy only | Iteration count |
Why Password Hashing Matters for Security
Proper password hashing is the critical defense layer that protects users when databases are breached. Understanding why hashing matters helps appreciate the importance of choosing strong passwords with high entropy.
Protection Against Data Breaches
Database breaches occur regularly, affecting millions of users. When a database containing properly hashed passwords is stolen, attackers face a significant computational challenge. Each password must be cracked individually, and with modern algorithms like bcrypt or Argon2, this process can take months or years per password.
In contrast, databases using weak hashing (or worse, storing passwords in plain text) can be compromised in minutes or hours. The 2012 LinkedIn breach exposed 6.5 million unsalted SHA-1 hashes, which were cracked rapidly. Proper hashing would have made this attack orders of magnitude more difficult.
Defense Against Common Attacks
Password hashing specifically defends against several attack methods detailed in our password attack methods guide:
- Rainbow Table Attacks: Salting makes precomputed tables useless, as each password requires unique computation
- Brute Force Attacks: Slow hash functions make testing millions of passwords computationally prohibitive
- Dictionary Attacks: Even common passwords take significant time to crack when properly hashed
- Parallel Attacks: Memory-hard algorithms like Argon2 resist GPU and ASIC-based cracking
Real-World Impact
The difference between strong and weak hashing is dramatic. A password that takes seconds to crack with MD5 might take years with bcrypt. This time difference is often enough for users to change their passwords before attackers successfully crack them, assuming the breach is detected and disclosed promptly.
Password Hashing Implementation Best Practices
For developers implementing authentication systems, following established best practices ensures maximum security. These guidelines align with current OWASP recommendations and industry standards.
For Developers
- Use Established Algorithms: Implement Argon2id, bcrypt, or scrypt—never create custom hash functions
- Configure Cost Factors Appropriately: Set parameters to take up to 1 second per hash on your production servers (as of 2026 guidelines)
- Generate Cryptographic Salts: Use secure random number generators for unique salts per password
- Use Trusted Libraries: Rely on well-audited cryptographic libraries rather than implementing algorithms yourself
- Plan for Algorithm Migration: Design systems that can migrate to stronger algorithms as standards evolve
- Implement Pepper (Optional): Add a secret key stored separately from the database for additional protection
For Users
While you can't control how websites hash your passwords, understanding hashing helps you make informed security decisions:
- Use unique passwords for each site—even with proper hashing, a breach on one site shouldn't compromise others
- Choose passwords with high entropy to resist brute force attacks if hashes are compromised
- Consider using a password manager to generate and store complex, unique passwords
- Be cautious with sites that can email you your password—this indicates they're storing it in plain text or using reversible encryption
Verification Methodology
Our approach to password security education follows rigorous verification standards outlined in our methodology page. All technical claims about hash algorithms, security properties, and best practices are verified against authoritative sources including NIST publications, OWASP guidelines, and peer-reviewed cryptographic research.