Hashing - Salting and Stretching [duplicate]

This question already has answers here: Closed 12 years ago.

Possible Duplicates:

hash(hash()) vs salted hash

Many hash iterations: append salt every time?

While reading a recent answer I came to this juicy blog post about password hashing, and although I was already familiar with most of the techniques explained there, some doubts popped up in my mind - the most pertinent of them is why is salting important if we stretch (hash multiple times) our hash?

For instance, if we take the string "password" and apply 1000 iterations of SHA-1 hashing we end up with "862e52b42b26c0f7e2b6ef5f635226bf0fd3f7fb" as our final hash, very different from "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8" if we only hashed it once. Doesn't these iterations also count as a mean of salting? At the second iterations we are already hashing a 40 character long string, which means that an attacker has to either know for sure how many iterations we used (similarly an attacker could also guess our secret salt) or generate a rainbow table of all 1 461 501 637 330 902 918 203 684 832 716 283 019 655 932 542 976 combinations (16^40).

Additional q开发者_高级运维uestions regarding salting:

1. Do you use static or dynamic salts (nonces)? And why?
2. If you use nonces, how big do you make them and where do you store them (prefix, column, ...)?

I understand the added benefit of using nonces over static (long) salting, but I can't imagine any scenario where an attacker could put the effort necessary to pull off a successful brute force match (I think it's more probably they find an hash collision before that). Also, if we hash using nonces we need to issue two queries to the database instead of one (one to grab the nonce so we can compute the hash and another one to check it). Honestly, I can't understand why stretching alone isn't considered "secure".

Also, why are there so many people adopting SHA > 1 implementations? Isn't SHA-1 still secure? Should news applications use the newest SHA implementation available to hash sensitive data? What happens when "old" apps still using MD5 / SHA-1 need to migrate their hashes to a more recent implementation?