By definition, an ideal hash function is such that the fastest way to compute a first or second preimage is through a brute-force attack.
For an n-bit hash, this attack has a time complexity 2n, which is considered too high for a typical output size of n = 128 bits.
For example, a preimaging attack that costs trillions of dollars and takes decades to preimage one desired hash value or one message is not practical; one that costs a few thousand dollars and takes a few weeks might be very practical.
However if a given hash value is known to have been produced from a set of inputs that is relatively small or is ordered by likelihood in some way, then a brute force search may be effective.
Practicality depends on the input set size and the speed or cost of computing the hash function.
When a user requests access, the password they submit is hashed and compared with the stored value.
If the stored validation data is stolen, the thief will only have the hash values, not the passwords.
[6] Special hashes called key derivation functions have been created to slow searches.