So long as an opponent are able to use an excellent hash to test if a password suppose is useful otherwise completely wrong, they may be able work at an excellent dictionary or brute-force attack to the hash. The next thing is to incorporate a secret key to the fresh new hash so only somebody who knows the key can use the latest hash to help you examine a code. This might be completed a couple of indicates. Either the fresh hash is going to be encrypted using an excellent cipher such as for instance AES, and/or wonders trick can be as part of the hash using a good keyed hash algorithm such as HMAC.