diff --git a/deps/rabbit_common/app.bzl b/deps/rabbit_common/app.bzl
index 66bd9371fdb4..6a714cbd6f67 100644
--- a/deps/rabbit_common/app.bzl
+++ b/deps/rabbit_common/app.bzl
@@ -65,6 +65,7 @@ def all_beam_files(name = "all_beam_files"):
             "src/rabbit_password_hashing_md5.erl",
             "src/rabbit_password_hashing_sha256.erl",
             "src/rabbit_password_hashing_sha512.erl",
+            "src/rabbit_password_hashing_pbkdf2_hmac_sha512_v1.erl",
             "src/rabbit_pbe.erl",
             "src/rabbit_peer_discovery_backend.erl",
             "src/rabbit_policy_validator.erl",
@@ -159,6 +160,7 @@ def all_test_beam_files(name = "all_test_beam_files"):
             "src/rabbit_password_hashing_md5.erl",
             "src/rabbit_password_hashing_sha256.erl",
             "src/rabbit_password_hashing_sha512.erl",
+            "src/rabbit_password_hashing_pbkdf2_hmac_sha512_v1.erl",
             "src/rabbit_pbe.erl",
             "src/rabbit_peer_discovery_backend.erl",
             "src/rabbit_policy_validator.erl",
@@ -249,6 +251,7 @@ def all_srcs(name = "all_srcs"):
             "src/rabbit_password_hashing_md5.erl",
             "src/rabbit_password_hashing_sha256.erl",
             "src/rabbit_password_hashing_sha512.erl",
+            "src/rabbit_password_hashing_pbkdf2_hmac_sha512_v1.erl",
             "src/rabbit_pbe.erl",
             "src/rabbit_peer_discovery_backend.erl",
             "src/rabbit_policy_validator.erl",
diff --git a/deps/rabbit_common/src/rabbit_password.erl b/deps/rabbit_common/src/rabbit_password.erl
index b54e3c4b64d7..b78708f13149 100644
--- a/deps/rabbit_common/src/rabbit_password.erl
+++ b/deps/rabbit_common/src/rabbit_password.erl
@@ -32,8 +32,11 @@ salted_hash(Salt, Cleartext) ->
     salted_hash(hashing_mod(), Salt, Cleartext).
 
 salted_hash(Mod, Salt, Cleartext) ->
-    Fun = fun Mod:hash/1,
-    Fun(<<Salt/binary, Cleartext/binary>>).
+    ModuleInfoFun = fun Mod:module_info/1,
+    case lists:member({hash,2}, ModuleInfoFun(exports)) of
+        true  -> Fun = fun Mod:hash/2, Fun(Salt, Cleartext);
+        false -> Fun = fun Mod:hash/1, Fun(<<Salt/binary, Cleartext/binary>>)
+    end.
 
 hashing_mod() ->
     rabbit_misc:get_env(rabbit, password_hashing_module,
diff --git a/deps/rabbit_common/src/rabbit_password_hashing_pbkdf2_hmac_sha512_v1.erl b/deps/rabbit_common/src/rabbit_password_hashing_pbkdf2_hmac_sha512_v1.erl
new file mode 100644
index 000000000000..88965e9114d2
--- /dev/null
+++ b/deps/rabbit_common/src/rabbit_password_hashing_pbkdf2_hmac_sha512_v1.erl
@@ -0,0 +1,21 @@
+%% This Source Code Form is subject to the terms of the Mozilla Public
+%% License, v. 2.0. If a copy of the MPL was not distributed with this
+%% file, You can obtain one at https://mozilla.org/MPL/2.0/.
+%%
+%% Copyright (c) 2007-2024 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. All rights reserved.
+%%
+
+-module(rabbit_password_hashing_pbkdf2_hmac_sha512_v1).
+
+%% TODO: I don't know if I should extend this behaviour, or change the other
+%% implementations to do salt prefixing themselves.
+%% -behaviour(rabbit_password_hashing).
+
+-export([hash/2]).
+
+%% OWASP-recommended iteration count, as of 2024.
+-define(ITERATIONS, 210000).
+-define(KEYLEN, 64).
+
+hash(Salt, Binary) ->
+    crypto:pbkdf2_hmac(sha512, Binary, Salt, ?ITERATIONS, ?KEYLEN).
diff --git a/deps/rabbitmq_management/priv/www/api/index.html b/deps/rabbitmq_management/priv/www/api/index.html
index 14bcaeb36a22..9694a9661ea7 100644
--- a/deps/rabbitmq_management/priv/www/api/index.html
+++ b/deps/rabbitmq_management/priv/www/api/index.html
@@ -777,8 +777,9 @@ <h2>Reference</h2>
         <code>password_hash</code> must be generated using the algorithm described
         <a href="https://rabbitmq.com/passwords.html#computing-password-hash">here</a>.
         You may also specify the hash function being used by adding the <code>hashing_algorithm</code>
-        key to the body. Currently recognised algorithms are <code>rabbit_password_hashing_sha256</code>,
-        <code>rabbit_password_hashing_sha512</code>, and <code>rabbit_password_hashing_md5</code>.
+        key to the body. Currently recognised algorithms are <code>rabbit_password_hashing_pbkdf2_hmac_sha512_v1</code>,
+	<code>rabbit_password_hashing_sha256</code>, <code>rabbit_password_hashing_sha512</code>,
+	and <code>rabbit_password_hashing_md5</code>.
         </td>
       </tr>
       <tr>
diff --git a/moduleindex.yaml b/moduleindex.yaml
index 02f800fcd252..ae18c868bc77 100755
--- a/moduleindex.yaml
+++ b/moduleindex.yaml
@@ -788,6 +788,7 @@ rabbit_common:
 - rabbit_password_hashing_md5
 - rabbit_password_hashing_sha256
 - rabbit_password_hashing_sha512
+- rabbit_password_hashing_pbkdf2_hmac_sha512_v1
 - rabbit_pbe
 - rabbit_peer_discovery_backend
 - rabbit_policy_validator