Wow. This really is a monster machine, which pulls together quite a few interesting pieces of technology. Very impressive work!
The things that I take away from this are as follows:
- In any new system that I design, I will definitely use a password hashing algorithm that is stronger than bcrypt with five rounds. I'm still pretty enamored with bcrypt for obvious reasons.
- Technologies that get us beyond straightforward password schemes are going to be more and more important in the future: two-factor authentication, etc.
- Passwords have the stink of death about them.
Very impressive work epixoip!