
Web Cryptography: Salted Hash and Other Tasty Dishes - gaiusparx
http://www.alistapart.com/articles/web-cryptography-salted-hash-and-other-tasty-dishes/
======
barryaustin
Since the target audience is mostly non-hackers, I'd make these points
instead:

\- For people not using a library or framework, use one!

\- For people who build libraries and frameworks, consider bcrypt!

\- For people who aren't cryptography deities, don't roll your own. Even Bruce
Schneier needs heavy peer review.

And a nit - SHA-1 is showing its age and is being phased out; SHA-2 is much
stronger and is widely available.

------
goldmab
No mention of bcrypt. <http://codahale.com/how-to-safely-store-a-password/>

