You must ofc 'salt' users passwords in advance of hashing them to avoid having the ability to Get well the original password from the hash. $endgroup$$begingroup$ As hashes are preset length, does that indicate that even though not specified when creating the password, all login devices would need to have some kind of utmost enter length (Even thou