I understand that a salt makes it harder to use a rainbow table to find a password given a table of hashed passwords.
But since you already have a table of hashed passwords, meaning the server is already compromised, why can't you have each user's salt as well?
>>8729305
You typically do have the salts in the password file, but even knowing the salt doesn't mean you know the hash. You have to run the hash function for each line, because matched hashes don't correspond to matched passwords if they're salted.
If 1000 people in your database used 'password' as their password, an attacker would crack all of them by cracking one. Salts prevent this.
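
The point made in the reply above, as an added example that is not part of the thread: it counts how many hash evaluations a wordlist check costs against a leaked table with and without per-user salts, even though the salts are known. SHA-256 standing in for the hash function, the function names, the 1000 accounts and the wordlist are all assumptions constructed for the demo.

```python
import hashlib
import secrets

def digest(password: str, salt: bytes = b"") -> str:
    # SHA-256 stands in for the site's hash function (assumption for the demo).
    return hashlib.sha256(salt + password.encode()).hexdigest()

def build_db(users: dict, salted: bool) -> dict:
    """Return {username: (salt, hash)} as it would sit in a leaked password file."""
    db = {}
    for name, password in users.items():
        salt = secrets.token_bytes(16) if salted else b""
        db[name] = (salt, digest(password, salt))
    return db

def dictionary_cost(db: dict, wordlist: list) -> tuple:
    """Count the hash evaluations needed to test a wordlist against every row.

    The salts are known (they are in the leak), but every distinct salt
    forces the wordlist to be hashed again.
    Returns (number_of_rows_matched, hash_evaluations).
    """
    evaluations = 0
    matched = 0
    for salt in {s for s, _ in db.values()}:
        table = set()
        for word in wordlist:
            table.add(digest(word, salt))
            evaluations += 1
        matched += sum(1 for s, d in db.values() if s == salt and d in table)
    return matched, evaluations

# Constructed sample data: 1000 accounts that all chose the same password.
USERS = {f"user{i}": "password" for i in range(1000)}
WORDLIST = ["123456", "qwerty", "letmein", "password", "hunter2"]

if __name__ == "__main__":
    for salted in (False, True):
        db = build_db(USERS, salted)
        distinct = len({d for _, d in db.values()})
        matched, cost = dictionary_cost(db, WORDLIST)
        print(f"salted={salted}: {distinct} distinct hashes, "
              f"{matched} rows matched, {cost} hash evaluations")
```
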
>>8729305
>But since you already have a table of hashed passwords
No, you have a table of salted hashes.
What would happen if I used a username as a salt?