How secure is storing salts along with hashed password

Question

If you had looked at table schema of asp.net membership system they store the hash of raw password along with salt used to produce it. see the schema below,

dbo.aspnet_M

Answer 1

The goal of salts is to slow down, not prevent outright, the possibility of hacking your database. But it slows the hacker down considerably! From a mere few seconds to, depending on the algorithm, length of salt, and other facters, hours, months, or universe lifespans.

That said, you must store salts with salted passwords, otherwise it is impossible to verify the passwoards after the fact.

There are a few things you can do to make the whole thing more secure:

1. Never use the same salt. It should be different for each password
2. Use a long salt. An GUID is generally a popular option. I usually generate them by getting the MD5 hash for a random number
3. If you want, you can run your hashing algorithm more than once. This lengthens the time it takes to brute force a password.