If it is feasible to find a shorter password which hashes into the same value as a longer password, the hashing algorithm is broken. $endgroup$ It should be CPU-heavy to make brute pressure attacks more challenging/not possible, in the event that your databases can be leaked. The franchise