21Ağu
Storing multiple hashes of the same password
My application requires users to connect via different protocol that each have different auth flows and hash requirements, in particular Argon2 and SHA-256 (for SCRAM-SHA-256).
To allow both types of authentication at the same time I would need to hash the password twice and store both hashes.
Does having two hashes of the same password compromise the potential time-to-brute-force or otherwise reduce time needed to find a match in case the database gets leaked?
