Secure Password Storage - Lots of don'ts, a few dos, and a concrete Java SE example
Note: this post frequently refers to “encrypting” passwords, a term that usually implies that they could be decrypted. We’re really talking about doing a one-way hash. I used the term “encrypt” to make it more accessible to those who are less familiar with cryptography, but “hash” would have been more precise.