Hashing passwords: Is it a good idea?

352380 pts.
Tags:
Password
Password management
Security
Now, I'm not sure if this is the best idea so that's why I'm trying to start this discussion. For hashing passwords, should we use hashed passwords as the salt?
$passwd = 'foo';
$salt = hash($passwd);
$finalHash = hash($passwd . $salt);
The $finalHash is what would be stored in the database. I do understand that two users with the same password "foo" would have identical hashes. That's the only weakness I've come up with so far.

Also, shouldn't salts be random / unique for the hash? Thanks.

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    The UserID plus the Password would give (practically) unique hashes. If two UserIDs had the same Password, the resulting hashes would be appropriately unique. -- Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following