Jeff Jarmoc on Secure Password Schemes
Here is a link to a fantastic article by Jeff Jarmoc of Matasano updating the discussion regarding secure password schemes. I spoke about this just this week at Hack Ogden, recommending that developers utilize scrypt, bcrypt, or PBKDF2 with an adequately random function; however, Jeff goes into more detail in a blog post. It really is fantastic stuff.
One hopes never to be a victim of a breach that discloses their authentication database to an attacker, but it’s better to plan for the worst than to be caught in a bad situation should that occur. Think of it as an insurance plan for the worst case.