bodgery / bodgery-member-api

Implement user password storage #3

Closed frezik closed 5 years ago

frezik commented 5 years ago

Support both bcrypt and scrypt, with the config file specifying the preferred type. Make sure it's easy to add new storage methods in the future. The database should have a field for what the current storage method is (along with any parameters, like the number of bcrypt rounds). When a user logs in with an old method stored, it should be automatically updated to the preferred method in the config file.

Also, passwords should be matched with a constant-time algorithm.
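One way the scheme requested above could look, as an added example that is not part of the original issue or the project's code. It assumes Python's standard library, so PBKDF2 stands in for bcrypt as the second method; `METHODS`, `CONFIG`, `make_record` and `login` are hypothetical names, and the record dict stands for the database row.

```python
import hashlib
import hmac
import json
import os

# Registry of storage methods: name -> function(password, salt, params) -> hash.
# Assumption: bcrypt is not in the standard library, so PBKDF2 stands in for it
# here; a bcrypt entry would be registered in exactly the same way.
METHODS = {
    "scrypt": lambda pw, salt, prm: hashlib.scrypt(
        pw, salt=salt, n=prm["n"], r=prm["r"], p=prm["p"], dklen=32),
    "pbkdf2": lambda pw, salt, prm: hashlib.pbkdf2_hmac(
        "sha256", pw, salt, prm["iterations"], dklen=32),
}

# Hypothetical config-file content: the preferred method and its parameters.
CONFIG = {"method": "scrypt", "params": {"n": 2**14, "r": 8, "p": 1}}


def make_record(password, method, params):
    """Build the stored row: method name, its parameters, salt and hash."""
    salt = os.urandom(16)
    digest = METHODS[method](password.encode(), salt, params)
    return {"method": method, "params": json.dumps(params, sort_keys=True),
            "salt": salt.hex(), "hash": digest.hex()}


def login(record, password, config=CONFIG):
    """Return (ok, record). After a successful login with a non-preferred
    method or parameters, the returned record is re-hashed with the preferred."""
    derive = METHODS.get(record["method"])
    if derive is None:  # unknown storage method: refuse rather than guess
        return False, record
    params = json.loads(record["params"])
    candidate = derive(password.encode(), bytes.fromhex(record["salt"]), params)
    # Constant-time comparison of the derived hash with the stored one.
    if not hmac.compare_digest(candidate, bytes.fromhex(record["hash"])):
        return False, record
    if record["method"] != config["method"] or params != config["params"]:
        record = make_record(password, config["method"], config["params"])
    return True, record
```

The upgrade can only happen at login because that is the one moment the server holds the plaintext password; the caller is expected to write the returned record back to the database.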