How is the salt stored to make sure attackers won't just steal your salt anyway? Wikipedia says "the salt is stored along with the output of the one-way function" [1]. Does it mean the server needs to store the salt for each user so it can authenticate the password?
As the defender, you don't care if the salt is obtained by the attacker. The salt is not a secret. Its only use is to ensure that each password is hashed as unique, even if the users chose the same password. Basically, it is for defeating precomputed databases (rainbow tables), nothing more.
[1] http://en.wikipedia.org/wiki/Salt_(cryptography)
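The storage scheme discussed above, as an added example that is not part of the original posts: each user's record carries its own random salt in the clear next to the hash, and verification reads the salt back from that record. The record layout, function names, and the use of PBKDF2-HMAC-SHA256 with this iteration count are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
SALT_BYTES = 16


def make_record(password: str) -> str:
    """Return 'iterations$salt$hash' for storage in the user's row."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per user, not secret
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "$".join([
        str(ITERATIONS),
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    ])


def verify(password: str, record: str) -> bool:
    """Re-derive the hash using the salt read back from the stored record."""
    try:
        iterations_s, salt_b64, digest_b64 = record.split("$")
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations_s)
        )
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: two users who chose the same password.
    alice = make_record("correct horse")
    bob = make_record("correct horse")
    print(alice)
    print(bob)
    print(alice != bob, verify("correct horse", alice), verify("wrong", bob))
```

Both records are for the same password yet differ, so a table precomputed for one salt says nothing about the other row.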