This is Jeroen Jacobs's TypePad Profile.
Jeroen Jacobs
Recent Activity
Jeffrey: such a system already exists: smartcards
No need for storing passwords in a database anymore, and it's perfectly usable on the web in combination with SSL.
Speed Hashing
Hashes are a bit like fingerprints for data. A given hash uniquely represents a file, or any arbitrary collection of data. At least in theory. This is a 128-bit MD5 hash you're looking at above, so it can represent at most 2^128 unique items, or 340 trillion trillion trillion. In reality the...
Sofa420: This looks like a waste of CPU cycles to me.
Salts have only one purpose: to make sure that the same password evaluates to a different hash. Therefore, it only secures against those famous dictionary attacks (= rainbow tables).
The only thing that really matters for a salt is that it's unique.
In fact, your implementation might not be secure at all, if you also store that date in your database (as date/time of registration for example). This makes your salt predictable, and not really random, therefore defeating the purpose of a salt.
I think it's better to use a cryptographic number generator for this. Now if you are doing this in JavaScript, you don't really have one. Maybe you could use something like this (pseudocode):
salt = hash(mouse_cursor_position + screen_resolution + user_agent + ...)
A combination of this should be more random than taking the username and registration date as a salt. The extra hashing you do in your code does nothing to prevent that.
Jeroen Jacobs is now following The Typepad Team
Apr 6, 2012