#0701
A user authentication service stores passwords using a hashing function. The developer chose MD5 for its speed — not realising that speed is exactly what makes it dangerous for password storage.
MD5 produces hashes that can be cracked in seconds with modern GPUs and rainbow tables. Billions of MD5-hashed passwords have already been dumped in public breach databases.
The hashPassword function must be updated to use a modern, slow hashing algorithm like bcrypt that is specifically designed to resist brute-force attacks.
MD5 was never designed for password hashing. A modern GPU can compute billions of MD5 hashes per second, making brute-force trivial. Algorithms like bcrypt, scrypt, and Argon2 are intentionally slow and include a cost factor that scales with hardware improvements.
Update hashPassword so that the returned object's algorithm field is "bcrypt" instead of "md5".
The hash field should still contain the (simulated) hashed password value.
Before the fix:
hashPassword('hunter2') // → { algorithm: 'md5', hash: 'hunter2' }
After the fix:
hashPassword('hunter2') // → { algorithm: 'bcrypt', hash: 'hunter2' }
The function returns { algorithm: string, hash: string }.
The algorithm field must be exactly "bcrypt" after the fix.