>Hmm...so it appears SHA1 is falling out of favor. SHA 2 (w/512 bit digest) is probably a better choice at this point.
>
>Here's an interesting article about it:
>
>http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
>
>Still, it seems like maybe performing some translation or calculation on the salt before adding it to the password should help mitigate this somewhat. Just having the salt and password hash wouldn't be enough - you'd also need to know what the transform looked like on the salt (although I'd bet that if you could recover a few of them the transform would probably be easy to recover if you're not careful). Shrug - this encryption/hashing stuff is hard.
Thanks
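
The salt transform discussed in the quoted message, written out as an added example that is not part of the original thread: the stored salt is passed through a keyed transform before it is combined with the password, so the stored salt and hash alone do not reproduce the digest. Assumptions made here: the transform is HMAC-SHA-512 under a server-side key (the hypothetical `SALT_TRANSFORM_KEY`, a constructed value), and PBKDF2-HMAC-SHA512 is used in place of a single SHA-512 pass.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumption: a secret held outside the credential store (constructed value).
SALT_TRANSFORM_KEY = b"constructed-demo-key"
ITERATIONS = 100_000  # assumed work factor for this sketch


def transform_salt(salt: bytes, key: bytes = SALT_TRANSFORM_KEY) -> bytes:
    """Keyed transform of the stored salt; the output is never stored."""
    return hmac.new(key, salt, hashlib.sha512).digest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  key: bytes = SALT_TRANSFORM_KEY) -> Tuple[bytes, bytes]:
    """Return (salt, digest); only these two values go into the database."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                                 transform_salt(salt, key), ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes,
                    key: bytes = SALT_TRANSFORM_KEY) -> bool:
    """Recompute with the transformed salt and compare in constant time."""
    _, candidate = hash_password(password, salt, key)
    return hmac.compare_digest(candidate, stored)


def digest_with_raw_salt(password: str, salt: bytes) -> bytes:
    """What the stored salt yields when the transform is not applied."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                               salt, ITERATIONS)


if __name__ == "__main__":
    salt, stored = hash_password("correct horse battery staple")
    print("verifies with transform key:",
          verify_password("correct horse battery staple", salt, stored))
    print("raw salt reproduces digest:",
          digest_with_raw_salt("correct horse battery staple", salt) == stored)
```
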