Slow Hashing Speed as a Protection for Weak Passwords


Both security professionals and laypeople understand that strong passwords are superior to weak passwords for security. However, the majority of individuals likely use weak passwords for convenience. If a database is breached and a password hash is subject to a dictionary-based and/or rule-based attack, a strong password protects the data even if a fast hashing algorithm is used. Given that strong passwords improve security but are still not used by many, the research question is whether slow hashing algorithms are more effective in protecting data when weak passwords are used. Using the same tools as hackers, this experiment compares cracking attempts against real passwords hashed with a slow hashing algorithm with cracking attempts against the same passwords hashed with fast hashing algorithms. This research shows that modern, slow hashing algorithms make common password choices much more difficult to crack and should therefore be used by data administrators.


Information Technology and Cybersecurity

Document Type



password cracking, computer security, hashing algorithm, bcrypt, SHA-512, MD5, hashcat

Publication Date


Journal Title

International Journal of Advanced Engineering and Science