Password hashing protects stored credentials by converting a password into a fixed-length, irreversible value, so a database breach does not directly expose plaintext passwords. A salt, a unique random value added to each password before hashing, prevents attackers from using precomputed rainbow tables and ensures identical passwords produce different hashes.
OWASP recommends slow, memory-hard functions like Argon2id, bcrypt, or scrypt, tuned so each hash is expensive to compute. Fast hashes such as MD5 and SHA-1 are unsuitable for passwords because they let attackers test billions of guesses per second.
This calculator estimates guessing difficulty, not the strength of any server-side hashing.