you know, I thought about using a random number as as salt.
in fact, I thought of using the unique installation ID for it, which is already stored in my database.
perfect.
but then I thought:
damn, if someone gets the database, he gets the unique installation ID along with it.
there goes the theory.