
Hash salt (was Re: BCRYPT - Why not using it?)



On 04/06/2011 08:19 PM, Aaron Toponce wrote:
[snip]

First, if you don't have the salt, but you do have the hash, then a rainbow
table attack is completely pointless. Reason being is rainbow tables store
hashes with a 1:1 ratio to text. How the table is traversed is another
story, but the fact remains that one hash will lead you to one piece of
text. Now add a salt. If the salt is unknown, the length of the salt is
8 characters, and the characters used in the salt are [A-Za-z0-9./], or 64
characters, then there are effectively 64^8 possible hashes for one

The OS must store the salt somewhere, in order to correctly authenticate the user when he logs in. But I've never heard of /etc/hashsalt so what am I misunderstanding?

--
"Neither the wisest constitution nor the wisest laws will secure
the liberty and happiness of a people whose manners are universally
corrupt."
Samuel Adams, essay in The Public Advertiser, 1749
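
Added example, not part of the original message: with crypt(3)-style password hashes, the salt is stored in clear inside the password field of /etc/shadow, next to the digest, which is how login can recompute the hash. The parser below splits that field for the common formats; the sample line, user name and digest are constructed placeholders, and the function names are this example's own.

```python
import re

B64 = r"[./A-Za-z0-9]"  # the 64-character alphabet the quoted message describes
SCHEMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}
BCRYPT = re.compile(rf"\$(2[abxy]?)\$(\d\d)\$({B64}{{22}})({B64}{{31}})")
MODULAR = re.compile(rf"\$([156])\$(?:rounds=(\d+)\$)?({B64}{{1,16}})\$({B64}+)")
DES = re.compile(rf"({B64}{{2}})({B64}{{11}})")

def parse_password_field(field):
    """Split the second field of a shadow(5) line into scheme, salt and digest."""
    locked = field.startswith("!")          # '!' prefix: password is locked
    body = field.lstrip("!")
    if body in ("", "*"):                   # no usable hash stored at all
        return {"scheme": None, "locked": True, "salt": None, "digest": None}
    if m := BCRYPT.fullmatch(body):         # $2b$<cost>$<22-char salt><31-char digest>
        return {"scheme": "bcrypt", "locked": locked, "cost": int(m[2]),
                "salt": m[3], "digest": m[4]}
    if m := MODULAR.fullmatch(body):        # $<id>$[rounds=N$]<salt>$<digest>
        return {"scheme": SCHEMES[m[1]], "locked": locked,
                "rounds": int(m[2]) if m[2] else None,
                "salt": m[3], "digest": m[4]}
    if m := DES.fullmatch(body):            # traditional crypt: 2-char salt prefix
        return {"scheme": "des-crypt", "locked": locked,
                "salt": m[1], "digest": m[2]}
    raise ValueError("unrecognised password field")

def salt_space(salt):
    """Number of distinct salts of this length over the 64-character alphabet."""
    return 64 ** len(salt)

def parse_shadow_line(line):
    """Return (user, parsed password field) for one shadow(5) line."""
    user, field = line.split(":")[:2]
    return user, parse_password_field(field)

# Constructed sample line; the digest is a placeholder, not a real hash.
SAMPLE = "alice:$1$Xy3.abCD$CONSTRUCTEDdigest00000:15070:0:99999:7:::"

if __name__ == "__main__":
    user, info = parse_shadow_line(SAMPLE)
    print(user, info["scheme"], "salt =", info["salt"])
    print("salts of this length:", salt_space(info["salt"]))
```

Because the salt travels with the digest, its job is to make each stored hash unique so that one precomputed table cannot be reused across accounts; it is not a secret.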
