diff --git a/webgoat-lessons/crypto/src/main/resources/lessonPlans/en/hashing_plan.adoc b/webgoat-lessons/crypto/src/main/resources/lessonPlans/en/hashing_plan.adoc index a07b183b8..3536b2623 100644 --- a/webgoat-lessons/crypto/src/main/resources/lessonPlans/en/hashing_plan.adoc +++ b/webgoat-lessons/crypto/src/main/resources/lessonPlans/en/hashing_plan.adoc @@ -1,6 +1,6 @@ = Cryptography Basics -== Hashing +== Plain Hashing Hashing is a type of cryptography which is mostly used to detect if the original data has been changed. A hash is generated from the original data. It is based on irreversible cryptographic techniques. If the original data is changed by even one byte, the resulting hash is also different. @@ -10,6 +10,11 @@ So in a way it looks like a secure technique. However, it is NOT and even NEVER Some hashing algorithms should no longer be used: MD5, SHA-1 For these hashes it is possible to change the payload in such a way that it still results in the same hash. This takes a lot of computing power, but is still a feasible option. +== Salted Hashes + +Plain passwords should obviously not be stored in a database. And the same goes for plain hashes. +The https://owasp.org/www-project-cheat-sheets/cheatsheets/Password_Storage_Cheat_Sheet.html[OWASP Password Storage Cheat Sheet,window=_blank] explains what should be used when password related information needs to be stored securely. + == Assignment -Now let's see if you can find what passwords matches which hashes. +Now let's see if you can find what passwords matches which plain (unsalted) hashes.
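Review bot: In the first hunk (`@@ -1,6 +1,6 @@`), renaming the heading to `== Plain Hashing` introduces a term the section body never defines; a reader only learns what "plain" means indirectly from the later "plain (unsalted) hashes" wording in the assignment. Suggest adding one sentence under the new heading, for example "A plain hash is computed directly over the input with no salt and no key," so the contrast with the new `== Salted Hashes` section added further down is explicit.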
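Review bot: In the second hunk (`@@ -10,6 +10,11 @@`), the new `== Salted Hashes` section says "the same goes for plain hashes" but never states why, and its title narrows the OWASP Password Storage Cheat Sheet recommendation to salting alone, whereas that cheat sheet's core advice is a deliberately slow password hashing function (Argon2id, scrypt, bcrypt, or PBKDF2 as a fallback) of which a unique per-password salt is only one ingredient. Suggest one sentence giving the reason (a plain hash of a common password can be matched against precomputed tables) and either retitling the section, e.g. `== Salted and slow password hashes`, or adding a line that the cheat sheet recommends a dedicated password hashing function rather than a salted general-purpose hash. Separately, the modified assignment line has a grammar slip: "what passwords matches which plain (unsalted) hashes" should read "which passwords match which plain (unsalted) hashes".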