Tim Starling wrote:
So the time has probably come for us to come up with a "C" type
password hashing scheme, to replace the B-type hashes that we use at
the moment.
What about using public key cryptography? Generate a key-pair and use the
"public" key to produce your password hashes. Store the private key offline in
an underground vault just in case someday you'll need to recover the original
passwords in order to rehash them. Needless to say the key-pair must be entirely for
internal use and not already part of some PKI system (i.e. the basis for one of
Wikimedia's signed SSL certificates).