Is “double hashing” a password less secure than just hashing it once?

Question

Is hashing a password twice before storage any more or less secure than just hashing it once?

What I\'m talking about is doing this:

$hashed_password         


        

Answer 1

From what I've read, it may actually be recommended to re-hash the password hundreds or thousands of times.

The idea is that if you can make it take more time to encode the password, it's more work for an attacker to run through many guesses to crack the password. That seems to be the advantage to re-hashing -- not that it's more cryptographically secure, but it simply takes longer to generate a dictionary attack.

Of course computers get faster all the time, so this advantage diminishes over time (or requires you to increase the iterations).