Originally posted as an answer to Encryption: What is the best way to store username and password in a database?

The previous answers to this question were very good, but I want to make sure I stress two things. When it comes to storing passwords using hashes, always use SALT (pepper is optional :). The reason is because if you only use a hash function, someone could use a rainbow table to break short or common passwords. The second thing I would recommend is never, ever, ever invent your own way of doing this. Use something like bcrypt or some other library that has been fully tested and vetted. Why? Cryptographic systems are hard to create. I would suggest reading http://www.schneier.com/blog/archives/2011/04/schneiers_law.html to give some perspective.