You should ofc 'salt' people passwords ahead of hashing them to stay away from having the ability to Get well the original password from the hash. $endgroup$$begingroup$ As hashes are fixed length, does that imply that even when not specified when creating the password, all login systems would need to have some kind of optimum enter duration (While