It's definitely wise to use both a salt and a pepper when hashing passwords. Don't bother with the switch statement, though, it's just security through obscurity. You're much better off keeping your security-related code as simple as possible so it's easier to notice bugs in it.