Have I got your attention? It's a sensationalist title, but this is important and developers/administrators still get it wrong. Both online and professionally, I encounter technical people still turning to traditional hashing algorithms like SHA or, Schneier forbid, MD5 when making decisions about scrambling user credentials. Even this recent question on Stack Overflow Exchange has yielded inaccurate answers. While choosing something like SHA-256 with salt isn't necessarily a bad decision, it...
