
The salt has to be present in your system so you can use it to hash the provided password and check that it matches the hash you have on file. People usually keep it right next to the password.

The salt serves two functions:

1. Making rainbow table attacks more difficult.

2. Obscuring cases where two users have the same password. If two users both use "blah7$monkey" as their password and you don't use a salt, they will hash to the same value.

If I steal your password database and I want to compromise one account, a salt offers no protection. Hash algo and password strength are what matter.
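The three points in the comment above, worked through in code. This is an added example, not part of the commenter's post: the user list and wordlist are constructed sample data, and plain SHA-256 stands in for whatever hash the real system uses so that the effect of the salt alone is visible.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample data: two users who independently picked the same password.
USERS = {"alice": "blah7$monkey", "bob": "blah7$monkey", "carol": "correct horse"}


def unsalted_hash(password: str) -> str:
    """Bare SHA-256 of the password, no salt (the 'don't use a salt' case)."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Hash of salt || password. SHA-256 is used only to keep the demo short;
    the per-guess cost an attacker pays comes from the hash algorithm chosen
    here (a slow KDF in a real system), not from the salt."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_unsalted_db(users: dict) -> dict:
    """Password database without salts: username -> digest."""
    return {user: unsalted_hash(pw) for user, pw in users.items()}


def build_salted_db(users: dict) -> dict:
    """Password database with a fresh random salt per user, stored next to the digest."""
    db = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        db[user] = (salt, salted_hash(pw, salt))
    return db


def shared_password_groups(digests: dict) -> list:
    """Group users whose stored digests are identical, i.e. visibly share a password."""
    by_digest = {}
    for user, digest in digests.items():
        by_digest.setdefault(digest, set()).add(user)
    return [users for users in by_digest.values() if len(users) > 1]


def verify(password: str, salt: bytes, stored: str) -> bool:
    """Login check: rehash the supplied password with the salt kept next to the digest."""
    return hmac.compare_digest(salted_hash(password, salt), stored)


def crack_one_account(salt: bytes, stored: str, wordlist: list) -> Optional[str]:
    """Offline guessing against a single stolen (salt, digest) pair. Each guess
    costs one hash with or without a salt; the salt only stops a precomputed
    table (or one batch of guesses) from being reused across accounts."""
    for guess in wordlist:
        if salted_hash(guess, salt) == stored:
            return guess
    return None


if __name__ == "__main__":
    print("unsalted collisions:", shared_password_groups(build_unsalted_db(USERS)))
    salted = build_salted_db(USERS)
    print("salted collisions:", shared_password_groups({u: d for u, (_, d) in salted.items()}))
    salt, digest = salted["alice"]
    print("cracked alice with:", crack_one_account(salt, digest, ["password", "123456", "blah7$monkey"]))
```

Running it shows alice and bob grouped together in the unsalted database and unrelated in the salted one, while the single-account crack succeeds against the salted digest as soon as the right guess appears in the wordlist: the salt changed what the attacker could reuse, not how hard one account is.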
