If it is feasible to locate a shorter password which hashes to the same benefit as an extended password, the hashing algorithm is broken. $endgroup$It ought to be CPU-heavy to make brute pressure attacks harder/impossible, in the event your database would be leaked.Limiting the hash area. If your modulus isn't really a power of two then the ensuing