There’s been yet another report of security problems with SSL. If you run a website or mail server, you may be wondering what to do about it. For now, the answer is simple: nothing—and don’t worry about it.
A while back, I wrote about passwords and promised a later post on salting. This is it: a deeper look at how servers should accept and store passwords. This is a complement to the usual articles on passwords, which focus on the user (you know the ones: “pick strong passwords”); here, I’ll be looking at the server side, and in particular how to store passwords for web sites.