Another user data leak happened recently. Here is an article on how to design and implement a user/password system for web applications with sound hashing and salting strategies.
Main points:
Always use a salt when generating password hashes.
Use a long enough salt.
A salt can only be used once.
Use a “Cryptographically Secure Pseudo-Random Number Generator” (CSPRNG) to generate the salt.
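# Hash the same password ten times, each time with a freshly generated salt.
# gensalt() and genhash() are helper functions that are not shown in this excerpt.
for x in range(1, 11):
    password = '123456'
    saltstr = gensalt(64)
    hashstr = genhash(password, saltstr)
    print("No.1 {0}, salt is: {1}, hash is: {2}".format(x, saltstr, hashstr))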
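The loop above calls two helpers that this excerpt does not define. The following is an added example, not the article's own code, showing one way to write them so that the main points hold: the salt comes from the OS CSPRNG, a new one is drawn for every stored password, and verification recomputes the hash with the stored salt. It assumes `gensalt(n)` takes a byte count and returns hex text, and it swaps in PBKDF2-HMAC-SHA256 for the unspecified hash function; `ITERATIONS`, `create_record`, `verify` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune for your hardware


def gensalt(nbytes=64):
    """Return a fresh salt as hex text, drawn from the OS CSPRNG (assumed signature)."""
    return secrets.token_hex(nbytes)


def genhash(password, saltstr, iterations=ITERATIONS):
    """Derive a hex digest from password and salt with PBKDF2-HMAC-SHA256."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(saltstr), iterations)
    return dk.hex()


def create_record(password):
    """Build what gets stored for one user: a new salt every time a password is set."""
    saltstr = gensalt(64)
    return {"salt": saltstr, "iterations": ITERATIONS, "hash": genhash(password, saltstr)}


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = genhash(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def demo():
    # Constructed sample data: two users who picked the same weak password.
    alice = create_record("123456")
    bob = create_record("123456")
    return {
        "salts_differ": alice["salt"] != bob["salt"],
        "hashes_differ": alice["hash"] != bob["hash"],
        "correct_accepted": verify("123456", alice),
        "wrong_rejected": not verify("1234567", alice),
        # Reusing a salt brings back identical hashes for identical passwords.
        "reused_salt_collides": genhash("123456", alice["salt"]) == alice["hash"],
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(check, result)
```

Storing the iteration count next to the salt and hash lets the work factor be raised later without invalidating existing records.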