Comment Re:Unsalted hashes are worse. (Score 3, Insightful) 212
Yes, but slowing down a brute force attacker by a factor of the cardinality of the set of unique salts will almost certainly be a huge win, especially if the salts chosen are long enough where salt-collisions are rare to nonexistent. 6.5 million accounts were compromised; requiring someone to have 6.5 million times as much compute resources to compromise all passwords is nothing to sneeze at.
Of course, salts don't help you in the case where a well determined attacker isn't after 6.5 million accounts but rather just one specific account, but that's not what they are intended to help with.