Password storage (was Re: gmail security is a joke)

Michael Thomas mike at
Thu May 28 14:41:46 UTC 2015

On 05/28/2015 02:29 AM, Robert Kisteleki wrote:
>> Bcrypt or PBKDF2 with random salts per password is really what anyone
>> storing passwords should be using today.
> Indeed. A while ago I had a brainfart and presented it in a draft:
> It seemed like a good idea at the time :-) It didn't gain much traction though.

Or you could choose to not store any form of password at all on the server:


More information about the NANOG mailing list