[eluser]slowgary[/eluser]
I see. So basically you could name your salt field 'password_salt' and it doesn't really matter that it's apparent, because it will also be apparent to the 'hacker' that using the rainbow table method won't work - UNLESS, of course, they're only after 1 password because it something like sensitive financial data and getting 1 password means jackpot. I still vote for using an existing field as the salt because it still serves the same purpose except now the hacker doesn't know the salt unless they also have the code - in that case, the hacker would be YOU!