Salting: Is it reasonable to use the user name?

礼貌的吻别 2021-02-20 16:53

I am debating using user-names as a means to salt passwords, instead of storing a random string along with the names. My justification is that the purpose of the salt is to prev

6 answers
  •  名媛妹妹
    2021-02-20 17:28

    I know this is an old question but for anyone searching for a solution based on this question.

    If you use a derived salt (as opposed to random salt), the salt source should be strengthened by using a key derivation function like PBKDF2.

    Thus if your username is "theunhandledexception" pass that through PBKDF2 for x iterations to generate a 32-bit (or whatever length salt you need) value.

    Make x pseudo-random (as opposed to even numbers like 1,000) and pass in a static site-specific salt to the PBKDF2 and you make it highly improbable that your username salt will match any other site's username salt.
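The derived-salt scheme this answer describes, written out as an added example that is not part of the original post: the site secret, the iteration counts, the 32-byte salt length and the username normalisation are my assumptions, and the verify step is included so the defender-side caveats (username must be canonicalised, comparison must be constant-time) are visible.

```python
import hashlib
import hmac

# Constructed example values. A real deployment keeps the site secret out of the
# user table (config file or KMS) so a dumped database alone does not reveal it.
SITE_SECRET = b"example-site-secret-change-me"
SALT_ITERATIONS = 12_347        # the "pseudo-random" x from the post, fixed per site
PASSWORD_ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor for the password itself


def derive_salt(username: str, site_secret: bytes = SITE_SECRET,
                iterations: int = SALT_ITERATIONS) -> bytes:
    """Turn a username into a 32-byte salt with PBKDF2, keyed by the site secret.

    Caveats of a derived salt: the username must be canonicalised (strip, lower)
    or a cosmetic change to how the name is stored locks the user out, and a
    username change means the stored hash must be recomputed at next login.
    """
    normalised = username.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", normalised, site_secret, iterations, dklen=32)


def hash_password(username: str, password: str) -> bytes:
    """Hash the password with the derived salt.

    Only this digest is stored per user; the salt is recomputed from the
    username on every login instead of being stored beside the hash.
    """
    salt = derive_salt(username)
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PASSWORD_ITERATIONS)


def verify_password(username: str, password: str, stored: bytes) -> bool:
    """Constant-time comparison so timing does not leak how many bytes matched."""
    return hmac.compare_digest(hash_password(username, password), stored)


if __name__ == "__main__":
    digest = hash_password("theunhandledexception", "correct horse battery staple")
    print(digest.hex())
    print(verify_password("TheUnhandledException ", "correct horse battery staple", digest))
```

Two sites with different `SITE_SECRET` values produce different salts for the same username, which is the property the answer is after; the standard alternative remains a random per-user salt stored next to the hash.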
