On Friday, 27 November 2015 at 16:14:06 UTC, H. S. Teoh wrote: > True, so you'd store hash(password01) in the database, and > compute > hash(X + hash(password)) during authentication. > > > T Another option is SCRAM: https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanism