Is there any benefit to using:
sha1($long_unpredictable_randomly_generated_salt.$password.$global_salt)
over
sha1(sha1($username).$password.$global_salt)
The unique salt is obviously stored in the database, while the global salt is in a configuration file on the server.
I know the purpsoe of a salt is just to be unique, and prevent pre-calculated hash tables.. so I see no reason the long hash generated by sha1($username)
is not good enough.. but as security is very important, I thought i'd ask for informative advice here from somebody who may know better :-)