There are plenty of question addressing the "client / server : where to hash ?", but i have not found anything about my particular question : considering a server_salted_hash(client_salted_hash(password)), using HTTPS, What are the risks concerning hash collisions, or is there other even more serious risks than them ? (of course, considering
As I remember in school, and readings about security good practices, a main reason about not composing hash function is it "paradoxally" weaken it by potentially increasing the number of collisions, or easing reversing it.
Thus, I would like to know if there are any security flaws introduced by such a system ? (that wouldn't be if I hash only on backend)
Supposing I use salt on both hash, are there some combinations of hash you would recommend, or advise against ?