Since the introduction of Rainbow tables, and using only hashed passwords (e.x: MD5) to stored passwords in database is not the best secured way.
When people talk about salted hashes, the always use it in this way hash(password . salt) or even hash(hash(password) . salt).
I don’t know why to use salt, and add extra entry for each password to store the salt?
Why don’t we just use hash(hash(password)), or even hash(hash(hash(password)))?
Is it more secure to put salt? or just the sense of being more complex?
You can build a rainbow table based on a dictionary for hash(hash(pwd)) in just twice the time as for hash(pwd) (even less because performance is mainly about disc writes) and it wouldn’t even be larger. Using salt greatly expands the size needed for the table up to the amount where it becomes impractical.
Also (even more important), users often have the same password. Without an individual salt per user, if you’ve broken one users password, you’ve broken all other users that have the same password.