Are hashed and salted passwords secure against dictionary attacks?

长发绾君心 2021-01-17 23:24

I understand that salts make the same password hash to different values. However, salts are usually stored in the database with the password. So let's say I am an attacker,

5 answers
  •  情深已故
    2021-01-18 00:05

    Nothing keeps an attacker from just guessing the password.

    Salts just make it harder by forcing an attacker to hash the dictionary on a per-user (effectively, per-salt) basis.

    To improve security, a tunable hash function is your best bet. Crank the time-per-hash up, making dictionary attacks impractical on whatever hardware your attacker is likely to have available.

    Basically, read this.
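
An added example, not part of the answer above or of the original page: per-user salts plus a tunable work factor, with a calibration step and an estimate of what one dictionary pass costs once every word must be re-hashed per salt. PBKDF2-HMAC-SHA256 is an assumption standing in for "a tunable hash function"; all function names are hypothetical.

```python
import hashlib
import hmac
import os
import time

ALGO = "sha256"  # assumption: PBKDF2-HMAC-SHA256 as the tunable hash


def hash_password(password, iterations, salt=None):
    """Return (salt, iterations, digest). A fresh random salt is drawn per user."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(ALGO, password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, record):
    """Recompute with the stored salt and cost, then compare in constant time."""
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac(ALGO, password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def calibrate(target_seconds, start=10_000):
    """Double the iteration count until one hash takes target_seconds on this host."""
    iterations = start
    while True:
        t0 = time.perf_counter()
        hashlib.pbkdf2_hmac(ALGO, b"calibration", b"\x00" * 16, iterations)
        if time.perf_counter() - t0 >= target_seconds:
            return iterations
        iterations *= 2


def dictionary_pass_seconds(words, users, seconds_per_hash):
    """Per-user salts: no hash can be reused, so cost is words * users * time."""
    return words * users * seconds_per_hash


if __name__ == "__main__":
    iters = calibrate(0.05)
    a = hash_password("correct horse", iters)  # constructed sample password
    b = hash_password("correct horse", iters)
    print("iterations chosen:", iters)
    print("same password, different digests:", a[2] != b[2])
    print("verify:", verify_password("correct horse", a))
    hours = dictionary_pass_seconds(10**6, 10**4, 0.05) / 3600
    print("hours for 1e6 words x 1e4 users at 0.05 s/hash:", round(hours))
```

The stored record keeps the iteration count next to the salt, so the cost can be raised later and old records rehashed at the next successful login.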
