diff --git a/src/routes/auth.zig b/src/routes/auth.zig
index ae4062b..a04c133 100644
--- a/src/routes/auth.zig
+++ b/src/routes/auth.zig
@@ -9,7 +9,6 @@ const utils = @import("../utils.zig");
 //TODO move these to env variables
 
 const key = "aGVyZUlzQUdpYmVyaXNoS2V5ISE=";
-pub const HASH_SEED: u64 = 6065983110;
 
 pub const VerifyAuthError = error{
     Unauthorized,
diff --git a/src/routes/user.zig b/src/routes/user.zig
index 7506b7a..3c16d16 100644
--- a/src/routes/user.zig
+++ b/src/routes/user.zig
@@ -42,7 +42,7 @@ pub fn login(req: *httpz.Request, res: *httpz.Response) !void {
     }
 
     var user: ?models.User = null;
-    const password_hash = @truncate(u32, std.hash.Wyhash.hash(auth.HASH_SEED, body.password));
+    const password_hash = try utils.hashPassword(allocator, body.password);
     if (body.username != null) {
         const query =
             "WHERE pass_hash = ? and username = ?;";
@@ -107,7 +107,7 @@ pub fn signup(req: *httpz.Request, res: *httpz.Response) !void {
     //     return;
     // }
 
-    const password_hash = @truncate(u32, std.hash.Wyhash.hash(auth.HASH_SEED, body.password));
+    const password_hash = try utils.hashPassword(allocator, body.password);
     const now = @bitCast(u64, std.time.milliTimestamp());
 
     const uname_query =
diff --git a/src/utils.zig b/src/utils.zig
index f0e7f39..943683d 100644
--- a/src/utils.zig
+++ b/src/utils.zig
@@ -1,5 +1,8 @@
 const std = @import("std");
 
+const HASH_SEED: u64 = 6065983110;
+const HASH_SALT: []const u8 = "ZnNLSRbY12DpPeMaPooKhOsxk7Qq325a2KF8EoIIeOaEz";
+
 fn SpreadResult(comptime Base: type, comptime Additional: type) type {
     comptime {
         // const type_info = @typeInfo(Base);
@@ -123,18 +126,27 @@ pub fn generateRandomString(allocator: std.mem.Allocator) ![]const u8 {
     return code;
 }
 
+pub fn hashPassword(allocator: std.mem.Allocator, password: []const u8) !u32 {
+    const salted_password = try std.mem.concat(allocator, u8, &[_][]const u8{ password, HASH_SALT });
+    const password_hash = @truncate(u32, std.hash.Wyhash.hash(HASH_SEED, salted_password));
+    return password_hash;
+}
+
 test {
     // const vote = .{ .id = 0, .createdAt = "DATE" };
     // const data = structConcatFields(vote, .{ .id2 = vote.id });
     // std.log.err("\n{any}\n", .{data});
 
-    const user = .{ .id = 0, .createdAt = 2, .other = 3, .key = 4 };
-    const date = removeStructFields(user, &[_]u8{4});
-    std.debug.print("\n{any}\n", .{date});
+    // const user = .{ .id = 0, .createdAt = 2, .other = 3, .key = 4 };
+    // const date = removeStructFields(user, &[_]u8{4});
+    // std.debug.print("\n{any}\n", .{date});
 
     var gpa = std.testing.allocator_instance;
+    // _ = gpa;
     var allocator = gpa.allocator();
+    // _ = allocator;
 
-    const code = try generateRandomString(allocator);
-    std.debug.print("\nGot {s}\n", .{code});
+    // const code = try generateRandomString(allocator);
+    const hash = try hashPassword(allocator, "password");
+    std.debug.print("\nGot {}\n", .{hash});
 }