Re:Q and A (Score 1)

I have to agree - if I know your salt value, running a brute-forced, dictionary attack takes the same amount of time as doing it if it weren't salted. Brute-forcing takes the same amount of time as if it were unsalted. The only thing (I see) a salt protecting you from is a rainbow table that wasn't computed *with* the salt. Which is a semi-valid protection assuming your password is of a large-enough keyspace and length to make rainbow tables prohibitly expensive. If I discover my sysadmins are using '432' as their salt, I can go compute rainbow tables using that salt and then come back in a week/month/year with tables to use.