> Bcrypt or PBKDF2 with random salts per password is really what anyone > storing passwords should be using today. Indeed. A while ago I had a brainfart and presented it in a draft: https://tools.ietf.org/html/draft-kistel-encrypted-password-storage-00 It seemed like a good idea at the time :-) It didn't gain much traction though. Robert