Posts tagged: #security

A practical guide to storing passwords securely in 2026 — why general hashes fail, salts vs peppers, work factors, and choosing Argon2id, scrypt, bcrypt or PBKDF2.
How bcrypt works — the Eksblowfish key schedule, cost factor, salt, and the $2b$ hash format — why slow adaptive hashing protects passwords, and bcrypt's limits.
How Argon2 works — memory-hard password hashing, the Argon2d/i/id variants, the memory, time and parallelism parameters, and why it beats bcrypt and PBKDF2.
How the NTLM hash works — MD4 of the UTF-16LE password, no salt, no iterations — why NTLM hashes crack fast, pass-the-hash, and how NTLMv2 authentication differs.