Interesting Links for 20-11-2011

• BACK TO THE FUTURE - recreating old photos with the same people decades later. (some nsfw)
  (tags: photography photos art age future )
• You might have hundreds of unread private messages on Facebook!
  (tags: facebook )
• Porn That Women Like: Why Does It Make Men So Uncomfortable?
  (tags: james_deen porn women )
• Fear, Racism, Rehab and History: The 25th Anniversary of Run DMC & Aerosmith's "Walk This Way"
  (tags: Aerosmith RumDMC race music usa JesusIFeelOld )
• Netflix has first broadcast rights to new episodes Of ‘Arrested Development’. A new phase of TV distribution?
  (tags: tv media )
• Sexiest Dance Moves for Men Identified
  (tags: psychology science dance men )
• Twitter now inserting ads into your timeline
  (tags: twitter advertising )
• Ebooks, you’re doing it wrong.
  (tags: ebooks editing )
• Light created from a vacuum
  (tags: physics light vacuum )

Any advice on storing passwords securely?

I'm currently adding Wordpress support to my link poster. And I've hit a hitch with passwords.

LJ's security means you pass the username and MD5(LJChallenge+MD5(Password)) - where LJChallenge is retrieved for each call you make. This means that I can store the MD5 of the user's password rather than storing it in plain text. While I am completely trustworthy, it's nice that I can browse the datastore and check things look ok without accidentally seeing people's passwords.

Wordpress, on the other hand, uses the MetaWeblog API for posting. Which takes the user's password in plain text.

Which means I can't hash the password when it's submitted, I have to store it in a way that I can return it back to its true value when required.

Anyone got any suggestions for what to use for this that's reasonably secure?

(I'm working in Java, which seems to have libraries for just about everything, if that helps.)

Edit: I've submitted a suggestion to DW and LJ to support OAuth. Can't see it happening this week though.