Raw hashes are vulnerable to rainbow-table attacks. Salts make each user's hash unique; bcrypt slows attackers down.
What you're seeing
Storing plain passwords is a breach waiting to happen. Storing a fast hash (MD5, SHA-256) is almost as bad: attackers precompute rainbow tables. Adding a unique random salt per user makes each hash unique. Slowing the hash function (bcrypt, scrypt, argon2id) makes brute-force orders of magnitude slower.
2026 standard: argon2id for new systems, bcrypt for compatibility with older stacks. Never SHA-256 alone.
★ KEY TAKEAWAY
Plain → bad. SHA → rainbow-table-attackable. SHA + salt → unique but fast. bcrypt/argon2id → unique AND slow → safe.
▶ WHAT TO TRY
- Type a password and see all four representations.
- Only the bottom one (slow + salted) is safe for storage.
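
The four representations, reproduced as an added example (not code from this page) using only Python's standard library, with scrypt standing in for the slow, salted option. The sample password, the 16-byte salt and the scrypt cost parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

# scrypt cost parameters: assumed values for this example, tune for your hardware
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024)

def fast_hash(password: str) -> str:
    """Unsalted SHA-256: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_fast_hash(password: str, salt: bytes) -> str:
    """Salted SHA-256: unique per user, but still cheap to brute-force."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def slow_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted scrypt: returns (salt, derived key); store both with the account."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, dklen=32, **SCRYPT)
    return salt, key

def verify(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = slow_hash(password, salt)
    return hmac.compare_digest(key, stored_key)

def cost_ratio(password: str = "hunter2") -> float:
    """How many times slower one scrypt call is than one SHA-256 call."""
    start = time.perf_counter()
    fast_hash(password)
    mid = time.perf_counter()
    slow_hash(password)
    end = time.perf_counter()
    return (end - mid) / max(mid - start, 1e-9)

if __name__ == "__main__":
    pw = "hunter2"  # constructed sample password
    print("plain        :", pw)
    print("sha256       :", fast_hash(pw))
    print("sha256 + salt:", salted_fast_hash(pw, os.urandom(16)))
    salt, key = slow_hash(pw)
    print("scrypt + salt:", salt.hex(), key.hex())
    print("scrypt costs ~%.0fx more per guess than SHA-256" % cost_ratio(pw))
```

Two users with the same password get identical `fast_hash` output, which is what lets one precomputed table crack both; the salted forms differ per user, and only the scrypt form also makes each guess expensive.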