Is “double hashing” a password less secure than just hashing it once?

Is hashing a password twice before storage any more or less secure than just hashing it once?

What I’m talking about is doing this:

$hashed_password = hash(hash($plaintext_password));

instead of just this:

$hashed_password = hash($plaintext_password);

If it is less secure, can you provide a good explanation (or a link to one)?

Also, does the hash function used make a difference? Does it make any difference if you mix md5 and sha1 (for example) instead of repeating the same hash function?

Note 1: When I say “double hashing” I’m talking about hashing a password twice in an attempt to make it more obscured. I’m not talking about the technique for resolving collisions.

Note 2: I know I need to add a random salt to really make it secure. The question is whether hashing twice with the same algorithm helps or hurts the hash.
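Added example, not part of the original question: a Python sketch of two properties of hash(hash(x)) that can be checked directly. Any collision in the inner hash carries through to the double hash, and the set of reachable outputs can only shrink with a second pass. The 2-byte truncated SHA-256 (toy_hash), the helper names and the "password-N" inputs are all constructed for illustration.

```python
import hashlib
from itertools import count

WIDTH = 2  # bytes kept from SHA-256; toy width so the searches below finish instantly


def toy_hash(data: bytes) -> bytes:
    """SHA-256 truncated to WIDTH bytes (a constructed stand-in for hash())."""
    return hashlib.sha256(data).digest()[:WIDTH]


def double_hash(data: bytes) -> bytes:
    """hash(hash(x)) as written in the question."""
    return toy_hash(toy_hash(data))


def find_inner_collision():
    """Return two different constructed passwords with the same toy_hash."""
    seen = {}
    for i in count():
        pw = b"password-%d" % i
        digest = toy_hash(pw)
        if digest in seen:
            return seen[digest], pw
        seen[digest] = pw


def image_sizes():
    """Count distinct outputs of hash() and hash(hash()) over every WIDTH-byte input."""
    domain = [n.to_bytes(WIDTH, "big") for n in range(256 ** WIDTH)]
    once = {toy_hash(x) for x in domain}
    twice = {toy_hash(y) for y in once}  # second pass only ever sees first-pass outputs
    return len(domain), len(once), len(twice)


if __name__ == "__main__":
    a, b = find_inner_collision()
    print("colliding inputs:", a, b)
    print("single:", toy_hash(a).hex(), toy_hash(b).hex())
    print("double:", double_hash(a).hex(), double_hash(b).hex())
    print("inputs, outputs after one pass, after two passes:", image_sizes())
```

With a full-width digest both effects still exist but are far too small to find by search; the toy width only makes them visible.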
