[Cryptography] Why don't we protect passwords properly?

[Ralf Senderek]

On Sun, 22 Dec 2013,  Peter Gutmann wrote:

> It's pretty simple really.  Everyone knows that passwords are no good, so
> there's no point in trying to use/apply/implement them properly.

And if someone dared to replace fast hashes with bcrypt or better, the
the uninformed user would wait for his password check a whooping second
instead of nanoseconds and will certainly think the site has a technical
problem and run to the competition.


             --ralf