Hashing passwords: Is it a good idea?

435940 pts.
Tags:
Password
Password management
Security
Now, I'm not sure if this is the best idea so that's why I'm trying to start this discussion. For hashing passwords, should we use hashed passwords as the salt?
$passwd = 'foo';
$salt = hash($passwd);
$finalHash = hash($passwd . $salt);
The $finalHash is what would be stored in the database. I do understand that two users with the same password "foo" would have identical hashes. That's the only weakness I've come up with so far.

Also, shouldn't salts be random / unique for the hash? Thanks.

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • TomLiotta
    The UserID plus the Password would give (practically) unique hashes. If two UserIDs had the same Password, the resulting hashes would be appropriately unique. -- Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: