Blockchain & Cryptocurrency Glossary


Password Hash Storage

Pronunciation
[pass-wurd hash stor-ij]
Analogy
Like shredding documents into tiny pieces so they cannot be reassembled, password hashes irreversibly transform passwords.
Definition
Securely storing passwords by hashing them with a cryptographic hash function—often with salt and pepper—to prevent recovery of plaintext passwords in case of database compromise.
Key Points Intro
Proper password hash storage protects user credentials even if the database is breached.
Key Points

Salt: Unique random value per password to prevent rainbow table attacks.

Pepper: Global secret added to all passwords to mitigate hash leaks.

Slow hashes: Use bcrypt, scrypt, or Argon2 to slow brute-force attacks.

Iteration count: Configurable work factor to adjust hash cost.

Example
A dApp stores `bcrypt(password + pepper, salt, cost=12)` in its user database rather than plaintext passwords.
Technical Deep Dive
On signup, generate a 16-byte salt, compute `hash = Argon2id(password, salt, memory=64MB, iterations=3)`, and store `{salt, hash, version}`. On login, recompute the hash from the submitted password and the stored salt, then compare it with the stored hash using a constant-time equality check.
Security Warning
Fast hashes (e.g., MD5, SHA-1) allow rapid cracking; always use a deliberately slow password-hashing function, ideally a memory-hard one.
Caveat
A high work factor impacts performance; calibrate it to the capabilities of the hardware.
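The signup and login flow from the Technical Deep Dive, written out as an added example (not code from this glossary or from any project it describes). It uses scrypt from Python's standard library in place of Argon2id; the cost parameters, the HMAC-based pepper step, the pepper value, and the function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed values for this example: version -> scrypt cost parameters.
PARAMS = {
    1: {"n": 2**14, "r": 8, "p": 1},   # older, cheaper setting
    2: {"n": 2**15, "r": 8, "p": 1},   # current setting
}
CURRENT_VERSION = 2
# Constructed pepper; a real one is kept outside the database.
DEMO_PEPPER = b"constructed-demo-pepper-not-a-real-secret"


def _derive(password: str, salt: bytes, pepper: bytes, version: int) -> bytes:
    cost = PARAMS[version]
    # Assumption: the pepper is applied as an HMAC key over the password.
    keyed = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.scrypt(keyed, salt=salt, dklen=32,
                          maxmem=256 * cost["n"] * cost["r"], **cost)


def create_record(password: str, pepper: bytes, version: int = CURRENT_VERSION) -> dict:
    """Signup: fresh 16-byte salt per password, store {salt, hash, version}."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _derive(password, salt, pepper, version),
            "version": version}


def verify(password: str, record: dict, pepper: bytes):
    """Login: returns (ok, upgraded_record). upgraded_record is None unless
    the password was correct and the record used an outdated version."""
    candidate = _derive(password, record["salt"], pepper, record["version"])
    if not hmac.compare_digest(candidate, record["hash"]):  # constant-time
        return False, None
    if record["version"] < CURRENT_VERSION:
        return True, create_record(password, pepper)  # re-hash at current cost
    return True, None
```

Storing the version with each record is what lets the work factor be raised later: old records keep verifying under their original parameters and are re-hashed at the current cost on the next successful login.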
