But read in quite a few different places that this is bad. But now I looked into salting the passwords. I read about using something fairly unique for the salt for every user. Like using their username as the salt. Or email. But say I wanted to use a completely random 16 char salt for every user. How do I go about storing the random salt for later use. Like when they go to log in. If I put it in the database isn't that just defeating the purpose. Because now if some hacker has my database with the MD5's and the salts to go with it they have everything they need.
Or I guess the hacker would have to generate a new rainbow table for each password because their all different salts. Right?