Tim Starling wrote:
> So the time has probably come for us to come up with a "C" type password hashing scheme, to replace the B-type hashes that we use at the moment.
What about using public key cryptography? Generate a key-pair and use the "public" key to produce your password hashes. Store the private key offline in an underground vault just in case someday you'll need to recover the original passwords in order to rehash them. Needless to say the key-pair must be entirely for internal use and not already part of some PKI system (i.e. the basis for one of Wikimedia's signed SSL certificates).