When you hash 'em, hash 'em well. With a grain (or a hundred odd bits) of salt. And preferably with a suitably expensive KDF based on a hash that's not known to be totally hosed. glibc 2.7+ crypt() with the $5$ method should be reasonably strong; Crypt::SaltedHash with SHA-256 is less strong, but the best thing I can think of that's reasonably portable.
in reply to Re: Status of Recent User Information Leak (jdporter++)
in thread Status of Recent User Information Leak