I have been on a bit of a key stretching binge this week. There is a wonderful article on how to stretch your ssh keys. Apparently, by default all that stands between your ssh passphrase and your ssh key is a single round of MD5 with 8 bytes of salt. However, because ssh relies upon openssl, you can change the password format to use PBKDF2. It is really easy to do. I highly recommend doing it.
Next up, I have been wanting to add key streching to my disk encryption for a while. The problem is that when dm-crypt operates in plain mode, it simply hashes your passphrase once with a given hash. I am not a big fan of LUKS because the LUKS headers make it really apparent there is encrypted data on your drive rather than a wiped hard disk. Since I was going to need to stretch my passphrase by hand, I figured I might as well use scrypt. The problem was that I could not find any stand-alone implementation of scrypt, so I cobbled together my own stand-alone crypto_scrypt utilty. It is not pretty; it is in serious need of some command line parameter love; but it works. I even make a little crypto_scrypt nix expression so I could integrate it into my boot process.