@Arron G: Could you (or anyone else) elaborate on why the username would be a “far worse” choice for a salt than a “static” salt? I’m afraid I don’t see why that would be the case since by adding a unique salt on to each password, a new rainbow table would need to be generated for each user (assuming unique usernames is a constraint). This seems to be better than having the same salt added. What am I missing?
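The comparison reasoned through in the comment above, as an added example that is not part of the original thread: for three constructed accounts it counts how many distinct salts (and therefore separate precomputed tables) a static salt, a username salt and a random per-user salt each produce, and which accounts end up with identical stored hashes. The account names, passwords, `STATIC_SALT` value and function names are assumptions made for illustration.

```python
import hashlib
import os
from collections import Counter

# Constructed sample accounts; alice and carol deliberately share a password.
USERS = {"alice": "hunter2", "bob": "correct horse", "carol": "hunter2"}
STATIC_SALT = b"site-wide-salt"  # hypothetical constant, same for every user


def salt_for(scheme, username):
    """Return the salt a given scheme would store for this user."""
    if scheme == "static":
        return STATIC_SALT
    if scheme == "username":
        return username.encode()
    if scheme == "random":
        return os.urandom(16)
    raise ValueError(f"unknown scheme: {scheme}")


def build_db(scheme, users=USERS):
    """Map username -> (salt, digest) as a credential table would store it."""
    db = {}
    for name, password in users.items():
        salt = salt_for(scheme, name)
        # Iteration count kept low so the demo runs instantly.
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)
        db[name] = (salt, digest)
    return db


def tables_needed(db):
    """Distinct salts = separate precomputed tables needed to cover the db."""
    return len({salt for salt, _ in db.values()})


def users_with_equal_hashes(db):
    """Users whose stored digest matches another user's digest."""
    counts = Counter(digest for _, digest in db.values())
    return sorted(n for n, (_, digest) in db.items() if counts[digest] > 1)


if __name__ == "__main__":
    for scheme in ("static", "username", "random"):
        db = build_db(scheme)
        print(scheme, tables_needed(db), users_with_equal_hashes(db))
```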