Blind hashing

As proposed by Jeremy Spilman after the LinkedIn password hashes leak: keep salts in the user records, but disassociate hashes from users.

To set a password: generate a random salt, compute the hash, store the salt in the user record, but store the hash separately.
To validate a password: search the entire hashes table for H(salt, password).

To ensure there's only one active password (prevent backdoor passwords):
To set a password: generate two random salts, compute two hashes, store salt1 and hash2 in the user record, store salt2 and hash1 separately.
To validate a password: look up salt2 by searching the entire hashes table for H(salt1, password), then check if H(salt2, password) matches hash2.

It may be better to define hash2 = H(salt2, hash1, password).
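The two-salt scheme above in Python, as an added example (not Spilman's own code). Assumptions: H is SHA-256 over length-prefixed inputs, standing in for whatever slow password hash a deployment chooses; the separate hashes table is a dict keyed by hash1 with no user column, so the "search the entire table" step is a keyed lookup; `refined=True` selects the hash2 = H(salt2, hash1, password) variant; `change_password` is added so the stale hash1 row is removed when a password changes.

```python
import hashlib
import hmac
import os


def H(*parts: bytes) -> bytes:
    # Stand-in for the scheme's H: SHA-256 over length-prefixed parts (assumed;
    # a deployment would use a slow password hash here, layout is unchanged).
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


class BlindHashStore:
    # Two-salt variant: users[name] = (salt1, hash2); hashes[hash1] = salt2,
    # the latter with no user column at all.
    def __init__(self, refined: bool = False):
        self.refined = refined  # True: hash2 = H(salt2, hash1, password)
        self.users: dict[str, tuple[bytes, bytes]] = {}
        self.hashes: dict[bytes, bytes] = {}

    def _hash2(self, salt2: bytes, hash1: bytes, pw: bytes) -> bytes:
        return H(salt2, hash1, pw) if self.refined else H(salt2, pw)

    def set_password(self, username: str, password: str) -> None:
        pw = password.encode()
        salt1, salt2 = os.urandom(16), os.urandom(16)
        hash1 = H(salt1, pw)
        self.users[username] = (salt1, self._hash2(salt2, hash1, pw))
        self.hashes[hash1] = salt2  # stored apart from the user record

    def validate(self, username: str, password: str) -> bool:
        if username not in self.users:
            return False
        pw = password.encode()
        salt1, hash2 = self.users[username]
        hash1 = H(salt1, pw)
        salt2 = self.hashes.get(hash1)  # "search the entire hashes table"
        if salt2 is None:
            return False
        # A planted hash1 -> salt2 row is not enough: hash2 in the user record
        # must also match under that salt2, so only one password is active.
        return hmac.compare_digest(self._hash2(salt2, hash1, pw), hash2)

    def change_password(self, username: str, old: str, new: str) -> bool:
        if not self.validate(username, old):
            return False
        salt1, _ = self.users[username]
        del self.hashes[H(salt1, old.encode())]  # remove the stale hash1 row
        self.set_password(username, new)
        return True
```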