Hash - Salting Your Password Best Practices

Questions

I've always been curious... Which is better when salting a password for hashing: prefix, or postfix? Why? Or does it matter, so long as you salt?

http://blog.codinghorror.com/i-just-logged-in-as-you-how-it-happened/

So which is the better method, and why? Is there a method that decreases the chance of a hash collision? My Googling hasn't turned up a decent analysis on the subject.

Edit: Great answers folks! I'm sorry I could only pick one answer. :)

Answers

Prefix or suffix is irrelevant, it's only about adding some entropy and length to the password.

You should consider those three things:

    • The salt has to be different for every password you store. (This is quite a common misunderstanding.)
    • Use a cryptographically secure random number generator.
    • Choose a long enough salt. Think about the birthday problem.

http://stackoverflow.com/questions/536584/non-random-salt-for-password-hashes/536756#536756
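The three points above, as an added example that is not part of the original answer: a per-password salt from the OS CSPRNG, long enough (16 bytes assumed here) that two users sharing a salt is negligible, fed to a password-hashing KDF (PBKDF2-HMAC-SHA256 assumed) as its own input, so the prefix-versus-suffix question never arises.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

SALT_BYTES = 16              # 128 bits: birthday-bound collisions between users are negligible
PBKDF2_ITERATIONS = 600_000  # deliberately slow; tune to your own hardware budget


def new_salt() -> bytes:
    """Fresh salt for one stored password, from the OS CSPRNG (never a counter or username)."""
    return secrets.token_bytes(SALT_BYTES)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). The salt is a separate KDF parameter, not something
    concatenated before or after the password, and is stored next to the digest."""
    if salt is None:
        salt = new_salt()
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def same_password_different_records() -> bool:
    """Constructed scenario: two users who chose the same password.

    Per-password salts make the two stored digests differ, so cracking one
    record (or precomputing a table for one salt) says nothing about the other."""
    salt_a, digest_a = hash_password("correct horse battery staple")
    salt_b, digest_b = hash_password("correct horse battery staple")
    return (
        salt_a != salt_b
        and digest_a != digest_b
        and verify_password("correct horse battery staple", salt_a, digest_a)
        and verify_password("correct horse battery staple", salt_b, digest_b)
    )


if __name__ == "__main__":
    print("distinct records for identical passwords:", same_password_different_records())
```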

Source

License: cc by-sa 3.0

http://stackoverflow.com/questions/674904/salting-your-password-best-practices
