the.com/bcrypt
a password hasher deliberately slow enough to make guessing your password a waste of a hacker's life.
means: an algorithm that turns a password into a scrambled, salted hash that's cheap to check but brutally expensive to reverse-engineer at scale.
from: built in 1999 by niels provos and david mazières, riding on the blowfish cipher, presented at usenix as a fix for unix crypt() being too fast for its own good.
cost factor: tunable work factor slows it down on purpose
salt built in: every hash includes its own random salt automatically
still standing: 25+ years old, still recommended, rare in security
max length quirk: silently truncates passwords longer than 72 bytes