I've noticed a fondness for sticking a hash function in a loop and just running it eight times (ala phpBB, I'm not sure if they still do it, but there's a legend floating around about them) or even 65 thousand times.
This doesn't really make the hashes "stronger".
Instead, it makes them weaker as multiple strings will hash to the same string creating all sorts of problems for you.
Only a hash function which has been explicitly designed to be iterated like bcrypt or Argon 2 can be used like that. And even then, you pass the number of iterations you want it to do rather than doing it yourself.
This doesn't really make the hashes "stronger".
Instead, it makes them weaker as multiple strings will hash to the same string creating all sorts of problems for you.
Only a hash function which has been explicitly designed to be iterated like bcrypt or Argon 2 can be used like that. And even then, you pass the number of iterations you want it to do rather than doing it yourself.
