Posts tagged: #password-hashing
A practical guide to storing passwords securely in 2026 — why general-purpose hashes fail, salts vs. peppers, work factors, and choosing Argon2id, scrypt, bcrypt or PBKDF2.
How bcrypt works — the Eksblowfish key schedule, cost factor, salt, and the $2b$ hash format — why slow adaptive hashing protects passwords, and bcrypt's limits.
How Argon2 works — memory-hard password hashing, the Argon2d/i/id variants, the memory, time and parallelism parameters, and why it beats bcrypt and PBKDF2.
How PBKDF2 and scrypt work — iterated HMAC, salts and iteration counts, scrypt's memory-hard ROMix — and when to use each key derivation function for passwords and keys.