diff --git a/inc/config.php b/inc/config.php
index 0cece593..664d1710 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -184,6 +184,9 @@
// Used to salt secure tripcodes ("##trip") and poster IDs (if enabled).
$config['secure_trip_salt'] = ')(*&^%$#@!98765432190zyxwvutsrqponmlkjihgfedcba';
+ // Used to salt poster passwords.
+ $config['secure_password_salt'] = 'wKJSb7M5SyzMcFWD2gPO3j2RYUSO9B789!@#$%^&*()';
+
/*
* ====================
* Flood/spam settings
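Review bot: The default `secure_password_salt` on the added line is a public string committed to the repository, so any instance whose config is not regenerated by the installer keys every stored password hash with a value an attacker already has, which makes the hash effectively unkeyed. The pre-existing `secure_trip_salt` follows the same pattern, so this is consistent with the file, but the new key protects data that can be compared offline row by row and deserves a warning. Suggested comment above the line: `// Keep this unique per install (install.php generates one). The value below is public, so leaving it unchanged makes the stored password hashes reproducible by anyone.`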
diff --git a/inc/functions.php b/inc/functions.php
index 2f23ef09..adf83e9b 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -3089,3 +3089,9 @@ function check_thread_limit($post) {
return $r['count'] >= $config['max_threads_per_hour'];
}
}
+
+function hashPassword($password) {
+ global $config;
+
+ return hash('sha3-256', $password . $config['secure_password_salt']);
+}
\ No newline at end of file
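Review bot: `hashPassword()` is a single fast SHA3-256 over password plus a site-wide key, so two posts that share a password get identical stored values and an attacker with a copy of the table and the config can test one guess against every row at once; a slow KDF is the usual answer, but the delete path and migration in this same commit appear to depend on deterministic output, so that change is larger than this hunk. Within that constraint, use the key as a proper key rather than a suffix, `return hash_hmac('sha3-256', $password, $config['secure_password_salt']);`, and note the trade-off in a docblock stating that the result is deterministic per (password, key) and that the 64-character hex output must fit the `password` column (column width is not visible here). The file also ends without a trailing newline and the signature is untyped; `function hashPassword(string $password): string` would document the contract and reject array input from `$_POST`.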
diff --git a/install.php b/install.php
index c174771b..0b25ae02 100644
--- a/install.php
+++ b/install.php
@@ -919,6 +919,7 @@ if ($step == 0) {
$sg = new SaltGen();
$config['cookies']['salt'] = $sg->generate();
$config['secure_trip_salt'] = $sg->generate();
+ $config['secure_password_salt'] = $sg->generate();
echo Element('page.html', array(
'body' => Element('installer/config.html', array(
diff --git a/post.php b/post.php
index 0a0dd94a..b7fd5f71 100644
--- a/post.php
+++ b/post.php
@@ -364,10 +364,11 @@ if (isset($_POST['delete'])) {
if (!isset($_POST['board'], $_POST['password']))
error($config['error']['bot']);
- $password = &$_POST['password'];
-
- if ($password == '')
+ if (empty($_POST['password'])){
error($config['error']['invalidpassword']);
+ }
+
+ $password = hashPassword($_POST['password']);
$delete = array();
foreach ($_POST as $post => $value) {
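Review bot: `empty($_POST['password'])` rejects the literal password `"0"`, which the removed `== ''` check accepted, so a post created with that password can no longer be deleted; it also lets an array value (`password[]=x`) through to `hashPassword()`, where it is stringified to `"Array"` with a warning and then compared against stored hashes. Replace the guard with `if (!is_string($_POST['password']) || $_POST['password'] === '') {` and keep the rest of the hunk as is. The enclosing delete handler continues outside the hunk.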
@@ -415,10 +416,11 @@ if (isset($_POST['delete'])) {
error(sprintf($config['error']['delete_too_late'], until($post['time'] + $config['max_delete_time'])));
}
- if ($password != '' && $post['password'] != $password && (!$thread || $thread['password'] != $password))
+ if (!hash_equals($post['password'], $password) && (!$thread || !hash_equals($thread['password'], $password))) {
error($config['error']['invalidpassword']);
+ }
- if ($post['time'] > time() - $config['delete_time'] && (!$thread || $thread['password'] != $password)) {
+ if ($post['time'] > time() - $config['delete_time'] && (!$thread || !hash_equals($thread['password'], $password))) {
error(sprintf($config['error']['delete_too_soon'], until($post['time'] + $config['delete_time'])));
}
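Review bot: `hash_equals()` requires two strings and throws a `TypeError` on PHP 8 (a warning plus `false` on PHP 7) if `$post['password']` or `$thread['password']` is `NULL`, which is plausible for mod posts or rows predating the password column; the column definition is not visible here, so this is inferred. Casting at the comparison site, `if (!hash_equals((string) $post['password'], $password) && (!$thread || !hash_equals((string) $thread['password'], $password))) {`, and the same `(string)` on the `delete_too_soon` check, keeps the constant-time compare without the fatal path. Rows that were not migrated by `tools/hash-passwords.php` still hold plaintext and will never match the hashed input; a comment saying so at this check would save the next reader a trip to the tool.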
@@ -767,7 +769,7 @@ if (isset($_POST['delete'])) {
$post['subject'] = $_POST['subject'];
$post['email'] = str_replace(' ', '%20', htmlspecialchars($_POST['email']));
$post['body'] = $_POST['body'];
- $post['password'] = $_POST['password'];
+ $post['password'] = hashPassword($_POST['password']);
$post['has_file'] = (!isset($post['embed']) && (($post['op'] && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']) || count($_FILES) > 0));
if (!$dropped_post) {
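Review bot: `hashPassword($_POST['password'])` reads the field without an `isset()` or type check, so a submission that omits it (or sends an array) raises a notice and stores the hash of `''` or `"Array"`, and every such post then shares one well-known stored value. If an empty field is meant to mean "no deletion password", make that explicit: `$post['password'] = hashPassword(isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '');` with a comment that the empty-input hash is never accepted by the delete path because that path rejects an empty submitted password. The surrounding post-building code starts before this hunk.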
@@ -920,8 +922,6 @@ if (isset($_POST['delete'])) {
error($config['error']['toolong_body']);
if (!$mod && substr_count($post['body'], "\n") >= $config['maximum_lines'])
error($config['error']['toomanylines']);
- if (mb_strlen($post['password']) > 20)
- error(sprintf($config['error']['toolong'], 'password'));
}
wordfilters($post['body']);
diff --git a/templates/installer/config.html b/templates/installer/config.html
index 973328f5..00a5b241 100644
--- a/templates/installer/config.html
+++ b/templates/installer/config.html
@@ -88,6 +88,9 @@
+
+
+
diff --git a/tools/hash-passwords.php b/tools/hash-passwords.php
new file mode 100644
index 00000000..3c6463ee
--- /dev/null
+++ b/tools/hash-passwords.php
@@ -0,0 +1,17 @@
+execute() or error(db_error($query));
+
+ while($entry = $query->fetch(PDO::FETCH_ASSOC)) {
+ $update_query = prepare(sprintf("UPDATE ``posts_%s`` SET `password` = :password WHERE `password` = :password_org", $_board['uri']));
+ $update_query->bindValue(':password', hashPassword($entry['password']));
+ $update_query->bindValue(':password_org', $entry['password']);
+ $update_query->execute() or error(db_error());
+ }
+ }
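Review bot: The migration is not idempotent: `UPDATE … SET password = :password WHERE password = :password_org` matches whatever is in the column, so running the tool twice hashes the already-hashed values and locks every poster out of deletion. Since the old code capped plaintext at 20 characters, a 64-character lowercase hex value cannot be legacy plaintext, so skipping those rows at the top of the loop is safe: `if (preg_match('/^[0-9a-f]{64}$/', $entry['password'])) continue;`. The head of the file, including the `SELECT` that populates `$query`, is garbled or outside this view, so I cannot confirm it selects distinct values or restricts to non-empty ones; `error(db_error())` on the update also drops the statement handle that the first `error(db_error($query))` passes, which hides the failing SQL.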