To resist brute-force cracking of passwords, we should use a hashing mechanism that is deliberately slow to compute and, optionally, has high memory usage.
Argon2, a newer algorithm, exposes parameters to tune both of these costs, as well as parallelism.
Here is an explanation of how to choose the parameters:
https://www.ory.sh/choose-recommended-argon2-parameters-password-hashing/
and a .NET implementation:
https://www.twelve21.io/how-to-use-argon2-for-password-hashing-in-csharp/#comments
The algorithm is recommended by OWASP and replaces PBKDF2.
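The following is an added example, not code from either linked article: it shows the three tunable costs in use for hashing and verifying a password. It assumes .NET 6 or later and the Konscious.Security.Cryptography.Argon2 NuGet package; the cost values and the `$`-separated record layout are this example's own choices.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Konscious.Security.Cryptography; // NuGet: Konscious.Security.Cryptography.Argon2

public static class PasswordHasher
{
    // Illustrative cost settings (assumptions); benchmark and tune them on your own hardware.
    const int MemoryKiB = 65536; // memory cost: 64 MiB per hash
    const int Iterations = 3;    // time cost: number of passes over memory
    const int Lanes = 2;         // parallelism
    const int SaltLen = 16, HashLen = 32;

    static byte[] Derive(string password, byte[] salt, int memKiB, int iters, int lanes)
    {
        var argon2 = new Argon2id(Encoding.UTF8.GetBytes(password))
        {
            Salt = salt, MemorySize = memKiB, Iterations = iters, DegreeOfParallelism = lanes
        };
        return argon2.GetBytes(HashLen);
    }

    // Stores the parameters next to the salt and hash so they can be raised later
    // without invalidating existing records.
    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen); // unique random salt per password
        byte[] hash = Derive(password, salt, MemoryKiB, Iterations, Lanes);
        return string.Join('$', MemoryKiB, Iterations, Lanes,
            Convert.ToBase64String(salt), Convert.ToBase64String(hash));
    }

    public static bool Verify(string password, string record, out bool needsRehash)
    {
        needsRehash = false;
        string[] p = record.Split('$');
        if (p.Length != 5) return false;
        int mem = int.Parse(p[0]), iters = int.Parse(p[1]), lanes = int.Parse(p[2]);
        byte[] salt = Convert.FromBase64String(p[3]);
        byte[] expected = Convert.FromBase64String(p[4]);
        // Re-derive with the stored parameters, then compare in constant time.
        byte[] actual = Derive(password, salt, mem, iters, lanes);
        bool ok = CryptographicOperations.FixedTimeEquals(actual, expected);
        // Flag records created under weaker settings so they can be re-hashed at login.
        needsRehash = ok && (mem < MemoryKiB || iters < Iterations);
        return ok;
    }
}
```

When `needsRehash` is true, call `Hash` again with the just-verified password and replace the stored record.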