Cryptographic hash functions shouldn't be used to hash passwords directly

It's important to hash passwords before storing them, but using a cryptographic hash function directly isn't sufficient, even if a salt is included. A salt prevents an attacker from using a table of precomputed hashes of common passwords, but if the hash scheme itself is very fast to compute (as raw cryptographic hash functions are), the attacker doesn't need a precomputed table: computing the hashes live is cheap enough.

To demonstrate how fast cryptographic hash functions are on passwords, hash every password in the rockyou list of common passwords (14,344,391 passwords total) with SHA-256. Submit the password with the lowest hash value concatenated to the end of the password with the highest hash value.

#### Test Vector

If we take the first 10 lines of the rockyou password file:

```
123456
12345
123456789
iloveyou
princess
1234567
rockyou
12345678
abc123
```

And compute their SHA-256 hashes:

```
123456 -> 8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92
12345 -> 5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5
123456789 -> 15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225

12345678 -> ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f
```

So the answer would be `12345678princess`.
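The following is an added example, not part of the original challenge page: it reproduces the test vector over the passwords listed above and measures the per-guess cost of salted SHA-256 against a deliberately slow password-hashing function. The function names are hypothetical, and the choice of PBKDF2-HMAC-SHA256 with 100,000 iterations is an assumption made for illustration; the page does not name a replacement scheme.

```python
import hashlib
import os
import time

# Constructed sample: the nine test-vector passwords listed on this page, as bytes.
SAMPLE = [b"123456", b"12345", b"123456789", b"iloveyou", b"princess",
          b"1234567", b"rockyou", b"12345678", b"abc123"]


def sha256_extremes(passwords):
    """Return (lowest, highest): passwords with the smallest and largest SHA-256 digest."""
    lowest = highest = low_d = high_d = None
    for pw in passwords:
        d = hashlib.sha256(pw).digest()
        # Digests have equal length, so bytewise order equals numeric order.
        if low_d is None or d < low_d:
            lowest, low_d = pw, d
        if high_d is None or d > high_d:
            highest, high_d = pw, d
    return lowest, highest


def answer(passwords):
    """Highest-hash password followed by lowest-hash password, as the challenge asks."""
    lowest, highest = sha256_extremes(passwords)
    return highest + lowest


def seconds_per_guess(hash_one, passwords):
    """Average wall-clock cost of hashing one candidate with hash_one."""
    start = time.perf_counter()
    for pw in passwords:
        hash_one(pw)
    return (time.perf_counter() - start) / len(passwords)


def compare_cost(passwords, iterations=100_000):
    """Per-guess cost of salted SHA-256 versus PBKDF2 (iteration count is an assumption)."""
    salt = os.urandom(16)
    fast = seconds_per_guess(lambda p: hashlib.sha256(salt + p).digest(), passwords)
    slow = seconds_per_guess(
        lambda p: hashlib.pbkdf2_hmac("sha256", p, salt, iterations), passwords)
    return fast, slow


if __name__ == "__main__":
    print(answer(SAMPLE).decode())
    fast, slow = compare_cost(SAMPLE)
    print(f"salted SHA-256: {fast * 1e6:.2f} us per guess")
    print(f"PBKDF2-HMAC-SHA256: {slow * 1e3:.2f} ms per guess")
```

To run it over the full list, pass `sha256_extremes` the file's lines read in binary mode with the trailing newline stripped; the salt changes nothing about the per-guess cost, which is the point the timing comparison makes.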