You should ofc 'salt' buyers passwords just before hashing them to stop being able to Recuperate the original password from the hash. $endgroup$It ought to be CPU-heavy to make brute power assaults more challenging/unattainable, in case your databases will be leaked.Preferably, no two inputs inside a hashing algorithm should produce the same output