With the wondrous “lulsec”, “anonymous” and other interesting parties breaking, decrypting (unless your plain-text Sony) and sharing their horde with the entire web, it begs the question.
How do you secure your users passwords?
I’ve labeled this C# as I’ve seen a lot of sites still using things like MD5, which is pretty worthless in a world filled with rainbow tables. Though of course this isn’t an issue restricted to that specific language (affects most things); I’m just more interested in responses tackling the Microsoft Stack.
This covers the bulk of what you ask about. MD5 is not worthless if you salt it.
The difference between a salted and unsalted table is that in the former case you effectively have to create a new rainbow table for each unique salt. If they’re intent on finding the details of you, and just you, they’ll likely be able to do it just as fast as they would with a rainbow table across an unsalted database, but they could not reuse those calculations to get the data of anybody else.