Security 106: The Importance of Key Stretching
One thing that you’ll find with most hash functions is that they are designed for speed. With that in mind, you would think that a hash that is both secure and fast would be good, right?
NOPE.
Computers are normally all about speed and efficiency – except when it comes to passwords. When creating password hashing algorithms, you should aim to make them as slow as possible (within reason).
Take a second and read that again, because it’s actually a bit weird. There’s a really good reason to aim for a slow hashing algorithm, and it all comes back to the goal of making Rainbow Tables ineffective or uneconomical.