@magicalclick: What you're doing here is basically double hashing, and using a homegrown algorithm with no known security guarantees as the first hash. It's a terrible idea.

Additionally, the only reason that would be any more secure than just hashing the passwords is if the hackers don't know that you're doing it. This is security by obscurity, which is also a terrible idea.

Just salt the damn hashes, problem solved. Wink