Oleg Shubin wrote:I think what you've meant to say is that even having several hashes of a password does not make it much easier to "crack".
No. What I meant is that, if you use the correct algorithms, your question becomes meaningless.
If my question was "Is it easier to hit nails with a Phillips screwdriver or with a blade screwdriver?" your answer would be "Use a hammer".
Don't use a screwdriver to hit nails into a wall. Don't use a hashing algorithm to hash a password. Use a key derivation algorithm. MD5 and SHA1 are not proper key derivation algorithms. They are susceptible to the kinds of attacks that Bear alluded to. PBKDF2 and bcrypt are not.