Can password-hash be database specific? also, storing and verifying cleartext passwords