I've had quite a few questions about my previous post (from June 2010) on Passwords since I recently reposted it.
More specifically the questions and comments were around key stretching.
Q. But doesn't looping that many times slow the password verification step down?
A. Well yes. That's kind of the point. The user may experience negligible latency during the authentication process, this can be tuned to have no or little effect on the user experience. This same delay is multiplied by the number of brute force attempts made by the attacker.
Q. The attacker doesn't need the salt or the algorithm if they are going through the front door?
A. Agreed. Which is why you'd have some controls and triggers at the front door to alert when abnormal or atypical behaviour is detected.
Q. If an attack gains access to a system, surely it's game over for user PII?
A. The thing I like about key stretching is that a hacker needs to have access to the salt, the hashed password and stretching algorithm. So, if you store the salt in a different table or even DB than the hashed password, the attacker would need to get their mitts on both tables or both DBs. Gaining visibility of the algorithm means that the attacker would also need to have access to, or knowledge about the specific implementation details; ie the source code. Typical environment configurations ensure that there is no way to get to a development environment from a production environment (and vice versa), making it difficult to gain access to the source.
This is a quick and dirty example of what key stretching would look implemented in Java.
This runs in around 0.75 seconds on my local box. Which means every iteration of a dictionary attack or a brute force attack would take the same time.
Caveat: this is purely an example of how you could implement stretching.