Nobody has asked us any questions yet. However, we are eager to answer the most obvious one.
Because dictionary attacks and rainbow tables cannot be defeated just by using complicated hash functions and salts: users always find the weakest possible password for any scheme.
We are concerned about dictionary attacks on the shadow file (or on any database containing hashed authentication tokens). The advent of rainbow tables and fast, cheap computing has weakened the ability of hashes to keep "passwords" safe.
However, the security issue lies not in the hashing functions but in the fact that, despite any security measures, end users always find a way to use simple passwords. Moreover, each set of password requirements admits several "simplest" examples, which will be used frequently by different users and will be easily found using a "dictionary" or a rainbow table.
Our approach uses the random nature of OAEP, which essentially adds more than 80 bits of randomness to the ciphertext, making both dictionary and rainbow-table attacks infeasible: to obtain the same ciphertext, the attacker needs to try the same password as the user and use the same random bits when encrypting.
This security project, the Sibyl, was invented and implemented by Pedro Fortuny and Rafael Casado. Stay updated.
You can also see Pedro's and Rafa's LinkedIn profiles.
All the documentation in this domain is published under a Creative Commons-By Attribution licence. All the code is made public subject to the BSD licence.