Often, they are prepended to the hash and stored in the same field. There is no need to store them separately - the point is to use a random salt for each password so that a single rainbow table can't be used against your entire set of password hashes.
Salt should be stored in an airtight container in a cool, dry, dark location. Salt can be purchased in bulk and repackaged for long term storage in smaller containers. Oxygen absorbers are not recommended when packaging salt for long term storage.
The salt is incorporated into the hash (encoded in a base64-style format).
For example, in traditional Unix passwords the salt was stored as the first two characters of the password. The remaining characters represented the hash value. The checker function knows this, and pulls the hash apart to get the salt back out.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With