16 Mar
2012
16 Mar
'12
8:59 p.m.
Howdy --
I'm a bit concerned about storing password hashes unsalted -- compared to a salted hash, this makes a stolen database easier to retrieve user passwords from, dangerous if users use their passwords for other purposes as well.
Would salting (and perhaps stretching) the hashes be considered a reasonable feature to support in the future?