...
The choice of hash function and salt length presents a trade-off between security and performance. Increasing the effort required for effective brute-force attacks by choosing a stronger hash function can also increase the time required to validate a password. As time passes best practices around password management evolve to keep inverse hashing computationally infeasible. The documents NIST 800-63 and OWASP ASVS are good places to consult for the current best practices around password managementcryptographic hashing.
Java's javax.crypto package provides implementations of various cryptographic hash functions. Avoid defective functions such as the Message-Digest Algorithm (MD5).
...