
The idea behind salting is that you expand the possible options to the point where rainbow tables can't be precomputed. The characters comprising your users' usernames would likely be a smaller set than the characters you would use for a random string. As such, it would be easier to backtrack to the password from the username salt than from a random salt. It's a trade-off between storage capacity/simplicity and security.

Previously I've used a hash of site-wide random string - password - user-specific random string. For my latest project I've moved to phpass, which is an implementation of bcrypt. My understanding is that in terms of security:

bcrypt > stretched salted hash > hashed salted hash > salted hash > hash > plaintext
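An added illustration of the tiers in the comment above (not the commenter's code, and not phpass/bcrypt itself): the site-secret - password - per-user-salt layout, a PBKDF2 stretched variant, and a check of why a username-derived salt is weaker than a random one. The site secret, salt and passwords are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the comment's "site-wide random string" (kept out of the user table).
SITE_SECRET = b"constructed-site-wide-secret"


def plain_hash(password: str) -> str:
    """'hash' tier: no salt, so identical passwords always give identical digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes, site_secret: bytes = SITE_SECRET) -> str:
    """'salted hash' tier in the comment's layout: site-secret - password - per-user salt."""
    return hashlib.sha256(b"-".join([site_secret, password.encode(), salt])).hexdigest()


def stretched_salted_hash(password: str, salt: bytes, rounds: int = 50_000) -> str:
    """'stretched salted hash' tier: PBKDF2-HMAC-SHA256 iterates so each guess costs more."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


def username_salt(username: str) -> bytes:
    """Salt derived from the username: drawn from a small, predictable character set."""
    return username.encode()


def random_salt(nbytes: int = 16) -> bytes:
    """Per-user random salt: 16 bytes from the OS CSPRNG, not guessable ahead of time."""
    return os.urandom(nbytes)


def verify(password: str, salt: bytes, stored: str, rounds: int = 50_000) -> bool:
    """Recompute the stretched digest and compare in constant time against the stored value."""
    return hmac.compare_digest(stretched_salted_hash(password, salt, rounds), stored)


def digest_is_reproducible(password: str, username: str, salt_for) -> bool:
    """Register the same user twice and ask whether the stored digest repeats.

    True means the digest is a pure function of (username, password), so a table for a
    known username can be precomputed; False means a fresh random salt defeats that.
    """
    first = salted_hash(password, salt_for(username))
    second = salted_hash(password, salt_for(username))
    return first == second
```

Lowering `rounds` only makes sense for tests; the stretching cost is the whole point of that tier.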


