Use the PBKDF2 method of converting passwords to symmetric keys. See Recipe 4.10 for a more detailed discussion of PBKDF2.
What we are doing here isn’t really encrypting a password. Actually, we are creating a password validator. We use the term encryption because it is in common use and is a more concise way to explain the process.
The PBKDF2 algorithm provides a way to convert an arbitrary-sized
password or passphrase into an arbitrary-sized key. This method fits
perfectly with the need to store passwords in a way that does not
allow recovery of the actual password. The PBKDF2 algorithm requires
two extra pieces of information besides the password: an iteration
count and a salt. The iteration count specifies how many times to run
the underlying operation; this is a way to slow down the algorithm to
thwart brute-force attacks. The salt provides the same function as
the salt in MD5 or DES-based
Storing a password using this method is simple; store the result of the PBKDF2 operation, along with the iteration count and the salt. When verification of a password is required, retrieve the stored values and run the PBKDF2 using the supplied password, saved iteration count, and salt. Compare the output of this operation with the stored result, and if the two are equal, the ...