Thought-provoking piece on password hashing, with some history, and an argument that hashing prevented people realising for a long time how bad people’s passwords were. I’m not sure I totally buy that, but maybe, for some definition of “bad”.
Also an interesting thought that passwords should be asymmetrically encrypted instead of hashed, allowing research work using the private key. It’s right that you could never get approval for this now, but maybe it would be ok if there was the theoretical room where the keys were stored.