Originally Posted by probi
Ahhh ok, that makes far more sense, I was thinking that the salt value was being created randomly on the fly.
You can create it randomly for each person, but not on the fly during lookup. You can also use both a constant value and a stored value if desired. The primary purpose is that should a db become compromised and data is retrieved, then even if you do generate a collision match to the known hashed password, it would not be the correct one (or rather, it likely won't be the correct one). A secondary pro is that multiple users who happen to have the same password won't look like they do.
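The scheme discussed in this thread, as an added example that is not code from either poster: a salt created randomly per user at registration, stored with the hash, and reused at lookup, combined with a constant value. The names `SITE_CONSTANT`, `register`, `verify` and `verify_with_fresh_salt`, the use of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constant value kept outside the database (constructed sample, an assumption).
SITE_CONSTANT = b"constructed-sample-constant"
ITERATIONS = 100_000  # assumed PBKDF2 work factor


def _derive(password: str, salt: bytes) -> bytes:
    # Combine the per-user stored salt with the constant value, then stretch.
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt + SITE_CONSTANT, ITERATIONS
    )


def register(db: dict, username: str, password: str) -> None:
    # The salt is random per user, created once here and stored beside the hash.
    salt = os.urandom(16)
    db[username] = {"salt": salt, "hash": _derive(password, salt)}


def verify(db: dict, username: str, password: str) -> bool:
    record = db.get(username)
    if record is None:
        return False
    # Lookup reuses the stored salt; it never generates a new one.
    candidate = _derive(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


def verify_with_fresh_salt(db: dict, username: str, password: str) -> bool:
    # A salt made on the fly at lookup cannot reproduce the stored hash.
    fresh = _derive(password, os.urandom(16))
    return hmac.compare_digest(fresh, db[username]["hash"])


def demo() -> dict:
    db = {}
    register(db, "alice", "hunter2")  # constructed sample accounts
    register(db, "bob", "hunter2")    # same password as alice
    return {
        "alice_ok": verify(db, "alice", "hunter2"),
        "wrong_pw": verify(db, "alice", "hunter3"),
        "same_pw_same_hash": db["alice"]["hash"] == db["bob"]["hash"],
        "fresh_salt_ok": verify_with_fresh_salt(db, "alice", "hunter2"),
    }
```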