Crackstation has an excellent write up on the importance of not just hashing passwords. They mainly cover the utilization of salting hashes and state, “The salt does not need to be secret. Just by randomizing the hashes, lookup tables, reverse lookup tables, and rainbow tables become ineffective.”
Crackstation also goes into the follies in specific hashing techniques and explains the idea of double hashing saying, “All it does is create interoperability problems, and can sometimes even make the hashes less secure. “
” The salt needs to be unique per-user per-password. Every time a user creates an account or changes their password, the password should be hashed using a new random salt. Never reuse a salt. The salt also needs to be long, so that there are many possible salts. As a rule of thumb, make your salt is at least as long as the hash function’s output. The salt should be stored in the user account table alongside the hash. ”
Crackstation
cybersqueeze 