I'll try to bring more light into that. If you are using SHA2SALT password hashing, then the password hash is computed using this method:
SecurityHelper.GetSHA2Hash(password + salt + PassordSalt);
- password is the user password,
- salt is a dynamic salt value, by default it is the UserGUID - unique value for each user,
- PasswordSalt is static salt value, you can specify it by adding the "CMSPasswordSalt" key into your web.config.
As you can see the password hash is by default calculated from the value: password + userGUID, additionaly you can specify "CMSPasswordSalt" value, so the password will be calculated as password + userGUID + CMSPasswordSalt.
Regarding the SHA2 algorithm we use SHA256Managed algorithm to compute password hashes.
You can find more information about password hashing in our documentation - Password encryption in database chapter.
Hope it will help you.