Last October, I learned about “key stretching” from Solar Designer’s “How to manage a PHP application’s users and passwords” — a concept that is applicable well beyond PHP. Combined with salting, it is effective at slowing down brute forcing attacks, and even against rainbow tables.