28 May
2015
28 May
'15
5:29 a.m.
Bcrypt or PBKDF2 with random salts per password is really what anyone storing passwords should be using today.
Indeed. A while ago I had a brainfart and presented it in a draft: https://tools.ietf.org/html/draft-kistel-encrypted-password-storage-00 It seemed like a good idea at the time :-) It didn't gain much traction though. Robert