[mioelnir]

Just a hash or a single salted hash iteration has been on the bad practice list for a very long time. Hashes are designed to be fast, key derivation functions are intended to be slow.

There are a number of KDFs that build on top of the SHA family, from PBKDF2-HMAC-SHA1 to sha512crypt, that are all fine in principle but are often used with iteration counts that are off by 1 or 2 orders of magnitude.

5000 iterations sounds like a lot. It is not.