* Replace pbkdf2 with bcrypt
bcrypt isn't inherently better than pbkdf2, but everything "just works"
out of the box.
* the hash verification routine now only computes one hash per call
* a per-user salt is built into the hash as opposed to the current
global salt
* bcrypt.checkpw() is immune to timing attacks regardless of input
* hash strength is a function of real time benchmarks and a
"difficulty" level, meaning we won't have to ever update the iteration
count
* WIP: add hash upgrade mechanism
* WIP: clarify decode issue
* remove stale testing code
* Fix test
* Ensure incorrect legacy passwords fail
* Add better invalid legacy password test
* Lint
* Run tests in async scope
Matt Hamilton
Jason Hu
Paulus Schoutsen