Values to use for a salt?: msg#00010

security.programming

Subject: Values to use for a salt?

My understanding is that salts are used to help deter dictionary attacks where
the attacker has created a pre-hashed list of passwords and compares them
against the actual hashed passwords. Using salts means the attacker must
compute all possible values of the password in the dictionary multiplied by the
possible salts, which makes it computationally unfeasible.

Someone recently suggested using the password as the salt. I have never
seen this discussed before, and would like to get opinions on it. What would
be wrong with this, especially if it were altered in some way before being
used, such as using a simple replacement table to change letters to special
characters? This way, the salt would not have to be stored because it would be
a derivative of the password. How would this differ from the traditional
approach of generating a random salt and storing with the hashed password?

Also, how much less secure would it be to use a user ID as the salt instead of
a random salt that then has to be stored? I've been thinking about these, but
feel I am missing important ideas.

Thank you for any thoughts you can give.

-Craig


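As an added illustration (not part of the original post): a toy Python model of the three salting choices asked about above, showing what an attacker with a word list can precompute before ever seeing a hash store. The replacement table, user names and word list are constructed for the example, and SHA-256 stands in for a real password hash.

```python
import hashlib
import os

# Toy construction H(salt || password) with SHA-256; real deployments use a
# slow, purpose-built password hash, but the salting argument is the same.
def hash_pw(password: str, salt: bytes) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()

# The question's proposal: the salt is a fixed transform of the password
# (constructed replacement table), so it never has to be stored.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})

def salt_from_password(password: str) -> bytes:
    return password.translate(LEET).encode()

def make_record(user_id: str, password: str, scheme: str):
    """What the server stores: (salt, hash). Only 'random' must store the salt."""
    if scheme == "password":
        salt = salt_from_password(password)
    elif scheme == "user_id":
        salt = user_id.encode()
    else:
        salt = os.urandom(16)
    return salt, hash_pw(password, salt)

def precomputed_table(dictionary, salt_for_word):
    """Attacker's table, built BEFORE any hash store is seen. It is buildable
    only when the salt is a function of things the attacker already knows:
    the candidate password itself, or a public user ID."""
    return {hash_pw(w, salt_for_word(w)): w for w in dictionary}

def lookup(table, record):
    """Dictionary attack: one table lookup per stored hash, no new hashing."""
    return table.get(record[1])

DICTIONARY = ["password", "letmein", "hunter2", "qwerty"]  # constructed list

def demo():
    """alice and bob chose the same password. For each scheme, report whether
    their stored hashes collide and whether a pre-built table cracks each."""
    results = {}
    for scheme in ("password", "user_id", "random"):
        a = make_record("alice", "hunter2", scheme)
        b = make_record("bob", "hunter2", scheme)
        if scheme == "password":   # one table cracks every user, forever
            table = precomputed_table(DICTIONARY, salt_from_password)
        elif scheme == "user_id":  # one table per user ID, reusable across sites
            table = precomputed_table(DICTIONARY, lambda w: b"alice")
        else:                      # salt unknown in advance: nothing to prebuild
            table = precomputed_table(DICTIONARY, lambda w: b"")
        results[scheme] = (a[1] == b[1], lookup(table, a), lookup(table, b))
    return results
```

With a password-derived salt the two users' hashes are identical and one table recovers both, which is exactly the unsalted situation; a user-ID salt forces one table per user but still lets it be built ahead of time; only the random stored salt defeats precomputation.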


