...
The choice of hash function and salt length presents a trade-off between security and performance. Increasing the effort required for effective brute-force attacks by choosing a stronger hash function can also increase the time required to validate a password. As time passes additional best practices around password management evolve to keep password inverse hashing computationally infeasible. The documents NIST 800-63 and OWASP ASVS are good places to consult for the current best practices around password management.
...