Thanks Ted! I’m only able to do minor edits at this point, because we’re finishing up and going to production very soon. I agree with you about making a stronger recommendation for modern cryptographic hash algorithms.
I can’t make a major rewrite now, and ultimately it’s a book about SQL, not cryptography. But I’ve edit to make the recommended practice more clear :
“The techniques in this chapter are still relevant regardless of the type of cryptographic hash algorithm you use, but you should use the current recommended algorithms such as the following:”
Then I followed the list of algorithms with:
“The above list will eventually become outdated too. If you’re responsible for implementing an authentication system, then you should keep yourself up to date on the latest standards of cryptography.”
I’ve fixed the https references in the example URLs. Ironically, the link to the bcrypt source doesn’t support https!