by Someone1234 2353 days ago
You were told by who?

That's bad advice. BCrypt and pbkdf2 have a work-factor that accomplishes the same thing built in. The work-factor is added to the start of the resultant hash allowing different work-factors to be intermingled. This allows you to scale your work factor up over time as hardware power increases (or to mitigate weaknesses found in the underlying algorithm).

So, no, don't hack your own version of the work-factor instead of using bcrypt's solution. Your hack-version won't be standards-compliant (between different BCrypt libs) or self-documenting. It also isn't increasing security, but is adding more potential sources of bugs.

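Worked example added here, not from the thread or any bcrypt library: a parser for the bcrypt string format the comment describes, showing how the cost is read back out of the stored hash and used to decide, after a successful login, whether a row should be re-hashed at a higher cost. The hash values are constructed samples.

```python
import re
from typing import NamedTuple

# bcrypt writes its parameters into the hash string (modular crypt format):
#   $<version>$<cost>$<22-char salt><31-char digest>
# Salt and digest use bcrypt's own alphabet (./A-Za-z0-9), not standard base64.
# Because the cost travels with the hash, rows made at different costs can
# share one table and each is verified with the cost it was created at.
_BCRYPT_RE = re.compile(
    r"^\$(?P<version>2[abxy]?)\$(?P<cost>\d{2})\$"
    r"(?P<salt>[./A-Za-z0-9]{22})(?P<digest>[./A-Za-z0-9]{31})$"
)

class BcryptHash(NamedTuple):
    version: str  # "2a", "2b", ...
    cost: int     # log2 of the key-expansion rounds
    salt: str
    digest: str

def parse_bcrypt(hash_str: str) -> BcryptHash:
    """Split a bcrypt string into its fields; reject anything else."""
    m = _BCRYPT_RE.match(hash_str)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    cost = int(m.group("cost"))
    if not 4 <= cost <= 31:  # range bcrypt implementations accept
        raise ValueError(f"bcrypt cost {cost} outside 4..31")
    return BcryptHash(m.group("version"), cost, m.group("salt"), m.group("digest"))

def rounds(cost: int) -> int:
    """The cost is logarithmic: cost 12 means 2**12 = 4096 rounds."""
    return 1 << cost

def needs_rehash(hash_str: str, target_cost: int) -> bool:
    """True when a stored hash used a weaker cost than current policy.
    Check this right after a successful login, while the plaintext is in
    hand, and re-hash at target_cost so the table migrates gradually."""
    return parse_bcrypt(hash_str).cost < target_cost

# Constructed sample rows: the salt/digest characters are arbitrary and are
# not the real bcrypt output for any password.
SAMPLE_ROWS = {
    "alice": "$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy",
    "bob": "$2b$12$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy",
}

def users_to_upgrade(rows: dict, target_cost: int) -> list:
    """Names whose hashes should be re-hashed at their next successful login."""
    return sorted(u for u, h in rows.items() if needs_rehash(h, target_cost))
```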

bcrypt also does salting by default for you as well. It's really not difficult, just use a decent library.
What does it mean to do salting by default?
The guy who is called after it's too late (he's a friend, I didn't call ;-)).

So it's bad advice to use a work factor and instead you recommend using a work factor? Uh yeah, still thanks for pointing out how that's called I guess? To clarify: I didn't say one should roll his own hashing, I just described the process; I simply don't assume the average HN reader to be an idiot and already use bcrypt or similar.

Edit: forgot to mention, parent comment also roughly described what his bcrypt is doing.