Comment Re:Hashed and salted is obsolete (Score 1) 80
It is fortunate because using a salt increases the complexity of cracking all passwords. A salt's purpose isn't to increase an individual user's password strength, but to increase the strength of the whole database. A salt makes it so that even if user1 and user2 have "12345" as their password, they each have an individual salt applied, so when a security breach happens, the hacker has to now crack each password individually - even though user1 and user2 had the same password, the work required to crack user1's password is worthless to crack user2's password. Combine that with a strong hash - like bcrypt - and the amount of work to break every password is extremely costly.
The very minimum a site should use these days is SHA-256. However, there really is no excuse not to use bcrypt. If a site is using MD5, it might as well be plaintext.
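Added example, not part of the original comment: a sketch of the per-user salt property described above, using a constructed three-user table. PBKDF2 from the Python standard library stands in for bcrypt (which is not in the standard library); the function names, user table and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def unsalted_sha256(password):
    """Plain SHA-256: identical passwords always give identical digests."""
    return hashlib.sha256(password.encode()).digest()

def salted_hash(password, salt=None):
    """Slow, salted hash. A fresh random 16-byte salt is drawn per user."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)

# Constructed sample data: user1 and user2 share a password.
USERS = {"user1": "12345", "user2": "12345", "user3": "correct horse"}

def build_tables(users):
    """Return (unsalted, salted) credential tables for the same users."""
    unsalted = {u: unsalted_sha256(p) for u, p in users.items()}
    salted = {u: salted_hash(p) for u, p in users.items()}
    return unsalted, salted

def accounts_exposed_by_one_guess(guess, unsalted, salted):
    """Count rows matched by ONE hash computation of `guess` in each table.

    Unsalted: one digest is compared against every row.
    Salted: the digest is computed with the first row's salt and then
    compared against every row; it is useless for rows with other salts.
    """
    one_digest = unsalted_sha256(guess)
    hits_unsalted = sum(d == one_digest for d in unsalted.values())

    first_salt = next(iter(salted.values()))[0]
    _, salted_digest = salted_hash(guess, first_salt)
    hits_salted = sum(
        hmac.compare_digest(d, salted_digest) for _, d in salted.values()
    )
    return hits_unsalted, hits_salted

if __name__ == "__main__":
    unsalted, salted = build_tables(USERS)
    print(accounts_exposed_by_one_guess("12345", unsalted, salted))
```

In the unsalted table the shared password is also visible as a duplicate digest before any guessing happens; in the salted table the two rows are unrelated byte strings.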