On Thu, Oct 16, 2014 at 11:43 AM, John Mellor <joh...@google.com> wrote:
> On 16 October 2014 08:52, Mike West <mk...@google.com> wrote: > >> * Server stores credentials as `sha512(password + username)`. >> > > It might be better to require PBKDF2/bcrypt/scrypt. > Yeah, that certainly makes sense. -mike