The company I work for is trying to update its password storage security/account security. The security manager is refusing to anything with encryption algorithms (I don't know how he got his job honestly), and he's put it on me to come up with more password security, etc. He's convinced that even variable SALT's with high iteration counts are useless. Kind of annoying. Anyway, I'm looking for possible ideas that I can go over and present to him.
Oh and another stupid thing, he won't tell me how we currently store passwords.. yep