There are many ways to implement security in a system, depending on many different factors. When implementing security for user accounts, we give a lot of thought to security in relation to a non-compromised system, where attackers are still trying to penetrate it and gain access to account data.
But what role does security play in systems that have already been compromised, where the attacker has gained access to resources such as the database and source code? What can the security we put in place now help with then?
We’re going to take a close look at user account security by dissecting the building blocks, shortcomings and pitfalls of password hashing.
http://lockmedown.com/user-account-security-with-pbkdfs