This is Andi Wundsam's TypePad Profile.
Andi Wundsam
Recent Activity
As some commenters have already pointed out, this post contains incorrect information. The UNIX crypt routine computes exactly what you are advocating -- salted hashes, even though it relies on the symmetric DES algorithm. Of course, that does not mean that using it is actually a good idea -- because of its low computational complexity and the short 2-char salt. bcrypt is generally recommended as a viable approach these days. At the end of the day, though, with passwords like '123456' and 'password' chosen by most users [1], no amount of smart hashing is going to help you if the database is compromised.
As there is enough confusion about password security in the blogosphere already, and your blog enjoys fairly high visibility, it would be nice to see that point fixed in the post.
[1] http://www.duosecurity.com/blog/entry/brief_analysis_of_the_gawker_password_dump
The Dirty Truth About Web Passwords
This weekend, the Gawker network was compromised. This weekend we discovered that Gawker Media's servers were compromised, resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. If you're a commenter on any of our sites, you prob...
Andi Wundsam is now following The Typepad Team
Dec 15, 2010
