[akerl_]

Passwords are data that, once you've built a system that requires you store them, must be kept forever, with basically zero tolerance for loss or unavailability (so you have to make them continuously available to systems that validate user authentication), but also have zero tolerance for exposure. And it's a type of data that has no profit in it. You can't use it to improve UX or target ads or anything else of value.

At best, stored passwords are something you always get right and are value neutral to you. And everything below that is toxic.

[littlestymaar]

While I don't disagree with anything you wrote in particular, nothing in your comment above answers the original question “why are hashed password hazardous material”.

My understanding was that if properly hashed, then the hashed passwords should have no value whatsoever (it should be indistinguishably from random noise and should not be reversible by any means).

The fact that tptacek (who is very well known for his competence in security and cryptography) says otherwise is intriguing me deeply but your response doesn't answer the question.

[akerl_]

Properly stored nuclear material is safe as well. But it’s still hazardous material because if the storage or handling are imperfect, they are harmful.

Passwords are the same, except we’re constantly finding new attacks and weaknesses.

As some examples:

1. When a new attacks is found against a hash construction so all the password stored based on that are now more vulnerable

2. When it turns out your auth server is logging passwords in plaintext so it doesn’t help that your DB is storing them properly hashed.

3. When your auth call isn’t properly validating hashed passwords so attackers can either bypass the correct flow or intuit things about the password

[littlestymaar]

2. and 3. have again nothing to do with the question. Plaintext passwords are obviously unsafe material, but that's not the point of the question.

Nuclear material that leaks its containment is bad no matter what, how is a hashed password leaking a bad thing is the entire question and you're only addressing it in 1. but I don't find that convincing. When was the last time a practical attack was found on a hashing scheme that wasn't already obsolete 15 years ago?