Update encryption-algorithm-history.md

Pietervanhove · Pietervanhove · commit d7853c958b23 · 2025-08-21T15:54:40.000+02:00
diff --git a/docs/includes/encryption-algorithm-history.md b/docs/includes/encryption-algorithm-history.md
@@ -10,4 +10,4 @@ ms.custom:
 
 Beginning with [!INCLUDE [sssql11-md](sssql11-md.md)], SQL Server and Azure SQL DB used a SHA-512 hash combined with a 32-bit random and unique salt. This method made it statistically infeasible for attackers to deduce passwords.
 
-[!INCLUDE [sssql25-md](sssql25-md.md)] introduces an iterated hash algorithm, RFC2898, also known as a *password-based key derivation function* (PBKDF). This algorithm still uses SHA-512 but hashes the password multiple times (100,000 iterations), significantly slowing down brute-force attacks. This change enhances password protection in response to evolving security threats and helps customers comply with NIST SP 800-63b guidelines.
+[!INCLUDE [sssql25-md](sssql25-md.md)] introduces an iterated hash algorithm, RFC2898, also known as a *password-based key derivation function* (PBKDF). This algorithm still uses SHA-512 but hashes the password multiple times (100,000 iterations), significantly slowing down brute-force attacks. This change enhances password protection in response to evolving security threats and helps customers comply with NIST SP 800-63b guidelines. This security enhancement uses a stronger hashing algorithm, which may slightly increase login time for SQL Authentication logins. The impact is generally negligible in environments with connection pooling, but may be more noticeable in scenarios without pooling or where login latency is closely monitored.

Original file line number	Diff line number	Diff line change
`@@ -10,4 +10,4 @@ ms.custom:`
`10`	`10`
`11`	`11`	`Beginning with [!INCLUDE [sssql11-md](sssql11-md.md)], SQL Server and Azure SQL DB used a SHA-512 hash combined with a 32-bit random and unique salt. This method made it statistically infeasible for attackers to deduce passwords.`
`12`	`12`
`13`		`-[!INCLUDE [sssql25-md](sssql25-md.md)] introduces an iterated hash algorithm, RFC2898, also known as a password-based key derivation function (PBKDF). This algorithm still uses SHA-512 but hashes the password multiple times (100,000 iterations), significantly slowing down brute-force attacks. This change enhances password protection in response to evolving security threats and helps customers comply with NIST SP 800-63b guidelines.`
	`13`	+[!INCLUDE [sssql25-md](sssql25-md.md)] introduces an iterated hash algorithm, RFC2898, also known as a password-based key derivation function (PBKDF). This algorithm still uses SHA-512 but hashes the password multiple times (100,000 iterations), significantly slowing down brute-force attacks. This change enhances password protection in response to evolving security threats and helps customers comply with NIST SP 800-63b guidelines. This security enhancement uses a stronger hashing algorithm, which may slightly increase login time for SQL Authentication logins. The impact is generally negligible in environments with connection pooling, but may be more noticeable in scenarios without pooling or where login latency is closely monitored.