[eluser]slowgary[/eluser]
I never considered losing a db backup, makes sense either way to secure it the best way possible. What doesn't make sense to me though is storing your random salt in the same database. If the database is stolen, they have the salt. I though that was the purpose of having salt, it requires the source code to recreate the hash, so now a hacker needs your database and source code. It would make sense though if you used an existing field as your hash, like the user's zip code or email address. Then there's no obvious 'salt' field in your database table.