I am trying to decide the best hashing algorithm for my password encryption.
When I go to PBKDF2 page, I can clearly see that it accepts salt and number of iterations, and indeed I can provide both of them in my node.js script. Similar situation is with Bcrypt, it has salt and number of iterations.
But when I go to SHA wiki then I can't find even a mention of salting or giving number of iterations. SHA doesn't have salting then? But from time to time I stumble upon links on the Internet that do talk about SHA salting.
Sorry if the question is stupid, but I am genuinely confused with all this crypto algorithms.
p.s. I use node.js to play around with those algorithms
I had not touch crypto algorithms in a while but i'm sure you can use hashes in Secure Hash Algorithm from the family of hash functions SHA-2 and also in SHA-3, being called Salted Secure Hash Algorithm or SSHA.
Depending on how secure you want it to be, SSHA-256 is far more secure than SHA-256 but Secure Hash Algorithm are not recommended for your purpose, due of they intend to be fast and they lack on password encryption being vulnerable to brute force and dict attacks.
For it, you need something designed to be difficult to serialize and/or optimize, that requires loads of workload.
Argon2, BCrypt or PBKDF2 are the safest options in terms of password encryption.
In case you want some theorical approach and further understanding of the topic, you can check the following post: https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/
Have a nice day!