On Mar 16, 2012, at 12:59, Charles Duffy wrote: [...]
I'm a bit concerned about storing password hashes unsalted -- compared to a salted hash, this makes a stolen database easier to retrieve user passwords from, dangerous if users use their passwords for other purposes as well.
Would salting (and perhaps stretching) the hashes be considered a reasonable feature to support in the future?
http://codahale.com/how-to-safely-store-a-password/
Hope this helps, John
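The difference raised in this thread, as an added example that is not part of the original messages or of the project's code: an unsalted fast hash gives users with the same password the same stored value, while a salted, stretched record does not. PBKDF2-HMAC-SHA256 from Python's standard library, the iteration count, the record format and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor (stretching); tune to your hardware

def unsalted_hash(password: str) -> str:
    # The scheme of concern: one fast hash, no salt.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    # Per-user random salt plus stretching; the record carries its own parameters.
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed record: reject instead of raising
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)  # constant-time comparison

def duplicate_groups(hashes: dict) -> list:
    # Groups of users whose stored values are byte-for-byte identical.
    by_hash = {}
    for user, stored in hashes.items():
        by_hash.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in by_hash.values() if len(g) > 1)

# Constructed sample accounts; two of them share a password.
SAMPLE_USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}

def demo():
    unsalted = {u: unsalted_hash(p) for u, p in SAMPLE_USERS.items()}
    salted = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    return duplicate_groups(unsalted), duplicate_groups(salted)

if __name__ == "__main__":
    print(demo())
```

Because the iteration count is stored in each record, it can be raised for new hashes without invalidating existing ones.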