What are the steps to hashing and checking the password with Salt and Key?

What are the steps to hash the password during registration and logging in to a Salt and Key application?

Are the following steps considered correct when applied to an application?

1- During registration:


  1. Enter user password
  2. Hashing function creates unique salt
  3. Hash function adds the salt to the password
  4. Hashing function generates a unique key
  5. Hashing function uses the salted password with this key
  6. The password and salt are sent to the application database
  7. The key is sent to another database

2- During the registration:


  1. Enter user password
  2. The application returns the password of the entered username with the salt and the key
  3. The hash function adds the retrieved salt to the entered password
  4. The hashing function hashes the salted password with the retrieved key
  5. The application compares the two hash passwords for the user (the one registered in the application database and the one inserted).
  6. If both passwords are identical, the login takes place