Ok I googled. I guess it makes sense as it helps to protect against pre-hashed rainbow tables or dictionary attacks by making them more computationally expensive.
Usually people use salt to protect against rainbow tables.
Iterating a hash function (e.g. PBKDF2) is mostly just a way to make hashing take longer. Since attackers have to make very many guesses (while legit users only have to hash the password once), increasing each guess by a few seconds can really slow things down.
However, in modern apps they usually try to use more complex constructions like argon2 to make it so you can't use GPUs to do lots of guesses at once.
bawolff|2 years ago
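An added example, not part of the thread: the two defenses discussed above in Python's standard library, with a per-password random salt (so a precomputed table does not apply) and a PBKDF2 iteration count that sets the cost of each guess. The function names, the 16-byte salt size and the sample passwords are assumptions made for this illustration; Argon2 is not in the standard library and is not shown.

```python
import hashlib
import hmac
import os
import time

SALT_BYTES = 16  # assumed salt size for this example


def hash_password(password, iterations, salt=None):
    """Return (salt, iterations, derived_key), the record stored per account."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, key


def verify_password(password, record):
    """Re-derive the key with the stored salt and iteration count, then compare."""
    salt, iterations, expected = record
    candidate = hash_password(password, iterations, salt)[2]
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


def seconds_per_guess(iterations, samples=3):
    """Average wall-clock cost of one password guess at this iteration count."""
    fixed_salt = b"\x00" * SALT_BYTES  # constructed salt, used for timing only
    start = time.perf_counter()
    for _ in range(samples):
        hash_password("guess", iterations, fixed_salt)
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    alice = hash_password("correct horse", 100_000)
    bob = hash_password("correct horse", 100_000)
    # Different salts give different stored keys, so one precomputed
    # table cannot cover both accounts.
    print("stored keys identical:", alice[2] == bob[2])
    print("login accepted:", verify_password("correct horse", alice))
    print("wrong password accepted:", verify_password("wrong horse", alice))
    # A legitimate login pays this cost once; a guesser pays it per candidate.
    for n in (1, 1_000, 100_000):
        print(f"{n:>7} iterations: {seconds_per_guess(n) * 1e3:.3f} ms per guess")
```
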