storing username/email and password with a hash of the hash of the email/password?

Question

Quite the simple discussion this one (one would assume):

If I'd hash the email and password, and then hash the hashes, whould this be considered safe enough or would this just be a waste considering you could just salt them both?

What should the salt be, could it be the username-part of the email?

score 2 · Answer 1 · answered Dec 17 '13 at 13:08

2

Don't hash the usernames. For passwords, hash them using something like bcrypt or PBKDF2. Read this ASAP for more (also contains example source code).

answered Dec 17 '13 at 13:08

Ion

646
5
11

storing username/email and password with a hash of the hash of the email/password?

1 Answers1