HMAC

Keyed hash construction (e.g. HMAC-SHA256), useful as a preprocessing step for passwords when you are stuck with bcrypt but want a pepper. The HMAC output must be base64-encoded before it is passed to bcrypt, to avoid null bytes, and the encoded result must be fewer than 72 bytes, since that is the most input bcrypt accepts. Unlike a plain SHA hash, computing the HMAC requires the secret key, which defeats password-shucking attacks (where attackers precompute SHA hashes of leaked passwords and check them against the bcrypt hashes).

category
pattern
Suggests HMAC-SHA256 as preprocessing when stuck with bcrypt plus pepper.
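The pattern above, worked through as an added example (not code from the original note): HMAC-SHA256 under a pepper, base64-encoded so the bcrypt input is 44 printable bytes, with an unkeyed SHA-256 pre-hash alongside to show why the keyed variant resists shucking. The pepper value and the function names are assumptions; the bcrypt calls use the third-party `bcrypt` package.

```python
import base64
import hashlib
import hmac

# Constructed example pepper. In a real deployment load it from a secret
# store or environment, never from the database holding the bcrypt hashes.
PEPPER = b"constructed-example-pepper-do-not-use"

BCRYPT_MAX_INPUT = 72  # bytes; bcrypt ignores anything past this limit


def prehash_password(password: str, pepper: bytes = PEPPER) -> bytes:
    """HMAC-SHA256 the password under the pepper, then base64-encode it.

    The 32-byte MAC becomes 44 ASCII bytes: no NUL byte (which C-based bcrypt
    implementations treat as end of string) and well under the 72-byte cap.
    """
    mac = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    encoded = base64.b64encode(mac)
    if b"\x00" in encoded or len(encoded) >= BCRYPT_MAX_INPUT:
        raise ValueError("pre-hash is not safe to feed to bcrypt")
    return encoded


def unkeyed_sha256_prehash(password: str) -> bytes:
    """The weaker pattern the note warns about: SHA-256 with no secret key.

    Anyone holding a leaked SHA-256 list can recompute this value and test it
    against the bcrypt hash; the keyed version cannot be recomputed without
    the pepper.
    """
    return base64.b64encode(hashlib.sha256(password.encode("utf-8")).digest())


def hash_password(password: str, pepper: bytes = PEPPER) -> bytes:
    """Store this value; it is a normal bcrypt hash of the pre-hashed input."""
    import bcrypt  # pip install bcrypt
    return bcrypt.hashpw(prehash_password(password, pepper), bcrypt.gensalt())


def verify_password(password: str, stored: bytes, pepper: bytes = PEPPER) -> bool:
    import bcrypt
    return bcrypt.checkpw(prehash_password(password, pepper), stored)


if __name__ == "__main__":
    h = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", h))  # True
    print(verify_password("wrong password", h))                # False
```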
