Right now I'm storing a salt and password_hash on the users table (pretty standard stuff).
The need arose to get a secure hash of another field for a user. Is there any risk in reusing the same salt used on the password? In other words, does using the same salt on several hashes make it easier to crack assuming the attacker had all the hashes along with the one salt? If so how much?
Thanks!
The point, and only usage, of the salt is to prevent an attacker from attacking several N elements for less than N times the cost of attacking one. Here, "attacking" means "trying possible values until one is found which matches the known hash value". Without a salt, an attacker could compare his hashed guesses with several hash values, thus sharing the cost of computing the hash; e.g. the attacker has several hash values to attack simultaneously, or the attacker builds a precomputed table of hash values for fast lookup (modulo a space/time swap, both attacks are identical).
If you use the same salt for the password of a user, and for another field, then an attacker could try to attack them both. This will be advantageous for the attacker only if potential values for the other field are also potential passwords, and vice versa. This may or may not apply to your context.
On a general basis, salts should never be reused, if only because consequences of reuse are not easy to detail exhaustively. I recommend that you refrain from reusing your salts.
