26 Jun
Multiple Layers of Hashing when storing passwords [duplicate]
A common principle in InfoSec is Defence-In-Depth.
When encrypting sensitive data, it might make sense to have the data encrypted a few times.
VeraCrypt does this, for example, with the AES-Twofish-Serpent algorithm.
A good practice is to store passwords for authentication databases in a secure hash format like bcrypt/argon2.
But would it be possible / make sense to also have multiple layers of hashes to prepare for a scenario where a collision is found in one of the algorithms considered secure currently?
For example: take the plaintext password, hash it with BCrypt. Then hash the BCrypt hash with Argon2 and only store the Argon2 result in the database?
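The layering described in the question, written out as an added example that is not part of the original post. It assumes stand-ins so it runs on the Python standard library alone: PBKDF2-HMAC-SHA256 takes the place of the inner bcrypt layer and scrypt the place of the outer Argon2 layer, and the record layout and function names are hypothetical. It shows that storing "only" the outer result still means keeping the inner layer's salt, because verification has to recompute both layers.

```python
import hashlib
import hmac
import os

# Stand-ins (assumption): PBKDF2-HMAC-SHA256 plays the inner "bcrypt" layer and
# scrypt plays the outer "Argon2" layer, so the example needs no third-party package.
INNER_ITERATIONS = 100_000
SCRYPT_PARAMS = {"n": 2**14, "r": 8, "p": 1}


def layered_hash(password: str, inner_salt: bytes, outer_salt: bytes) -> bytes:
    """Inner hash of the password, then outer hash of the inner digest."""
    inner = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), inner_salt, INNER_ITERATIONS
    )
    return hashlib.scrypt(inner, salt=outer_salt, dklen=32, **SCRYPT_PARAMS)


def enroll(password: str) -> dict:
    """Build the database record for a new password (hypothetical schema)."""
    inner_salt = os.urandom(16)
    outer_salt = os.urandom(16)
    return {
        # The inner digest is never stored, but its salt has to be: without it
        # the inner layer cannot be recomputed at login.
        "inner_salt": inner_salt,
        "outer_salt": outer_salt,
        "digest": layered_hash(password, inner_salt, outer_salt),
    }


def verify(password: str, record: dict) -> bool:
    """Recompute both layers and compare in constant time."""
    candidate = layered_hash(password, record["inner_salt"], record["outer_salt"])
    return hmac.compare_digest(candidate, record["digest"])


if __name__ == "__main__":
    rec = enroll("correct horse battery staple")  # constructed sample password
    print(verify("correct horse battery staple", rec))
    print(verify("wrong guess", rec))
```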