[Auth] Security improvements

[gdude2002]

• Auth should support multiple hashing algorithms, with the possibility of conversion and mixing.
  • PBKDF2 and bcrypt should be recommended, with bcrypt being the best, a la django
• Auth should use a database (Eg sqlite) for efficiency
• mkpasswd is awful, fix that

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/28382145-auth-security-improvements?utm_campaign=plugin&utm_content=tracker%2F269930&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F269930&utm_medium=issues&utm_source=github).

[gdude2002]

Turns out that bcrypt has wheels now, so no compilation is required on Windows - I've added it to the default requirements because of that.

[gdude2002]

I honestly have no idea how to implement a database without having to support deferreds all the way up the tree, which is frankly not something I want to do right now.