Over in my thread RFC / Audit: Mojo Login Example, I used PBKDF2::Tiny, I mentioned pgcrypto, and I was also pointed to Bcrypt and Password::OWASP - the latter referring to The Open Web Application Security Project.