1

Quite the simple discussion this one (one would assume):

If I hashed the email and password, and then hashed the hashes, would this be considered safe enough, or would this just be a waste considering you could just salt them both?

What should the salt be? Could it be the username part of the email?

OddBeck

1 Answer

2

Don't hash the usernames. For passwords, hash them using something like bcrypt or PBKDF2. Read this ASAP for more (also contains example source code).

Ion