"Diez B. Roggisch" <deets at nospam.web.de> writes: > Usually, one doesn't store clear-text passwords. Instead, use a > hash-algorithm like md5 or crypt (the former is in the standard lib, don't > know of the other out of my head) and hash the password, and store that > hash. Rather, use the HMAC module, with a secret key, to thwart dictionary attacks against the hash.