Is “double hashing” a password less secure than just hashing it once?

Question

Is hashing a password twice before storage any more or less secure than just hashing it once?

What I\'m talking about is doing this:

$hashed_password         


        

Answer 1

I'm going to go out on a limb and say it's more secure in certain circumstances... don't downvote me yet though!

From a mathematical / cryptographical point of view, it's less secure, for reasons that I'm sure someone else will give you a clearer explanation of than I could.

However, there exist large databases of MD5 hashes, which are more likely to contain the "password" text than the MD5 of it. So by double-hashing you're reducing the effectiveness of those databases.

Of course, if you use a salt then this advantage (disadvantage?) goes away.