They say salting a password and then hashing it will be far more secure. We all know that passwords are salted and then hashed, and eventually get stored in databases. During data breaches a hacker can get the password (salted and hashed) along with the salt, because the salt is also stored in the database for validation purposes. Then why is it not easy to crack if the hacker can get both the salt and the password which is salted and hashed? I thought that after getting the salt a hacker can find what the password (salted and hashed) is, and then he can remove the salt from it to get the original password!
Consider for example (this is how I am thinking things are happening):

my password: Harivignesh123
salt to be added: 1$2$3
my new salted pass could be: Harivignesh1231$2$3

In the database:
password (salted and hashed): 8a84dbd1ab769dfdeaf389a38a91feb7f0a3d9ea5e34254775dd66a5b82a402d
salt: 1$2$3

After the hacker got the data from the data breach: by some method (maybe using hashcat) he found that my password is: Harivignesh1231$2$3. He also knows my salt (because it is also stored in the database): 1$2$3

So he can remove 1$2$3 (the salt) from the password and, yeah, he found it, right? Is it that easy? Then how could it be more secure, as they say? Or is salting just to make sure every password is unique?
Help this newbie to get over this doubt, and please point out if I am wrong in my thinking. Thank you very much for your explanation in advance!
Because users pick predictable passwords, and there are databases of hashes for likely passwords - NIST quotes an entropy figure of 4 bits per character. These databases are called rainbow tables. Using a salt means the attacker needs to compute all the hashes again using the salted value.
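The point made in the answer above, as an added example that is not part of the original question or answer: a table of hashes precomputed without the salt matches nothing in a salted database, so the hashing has to be redone for every salt. SHA-256 over password-then-salt is assumed to match the question's scheme, and the user names, passwords and word list are constructed sample data.

```python
import hashlib
import os

# Constructed sample data: a short list of commonly chosen passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "Summer2024"]

def hash_password(password: str, salt: bytes = b"") -> str:
    # Scheme from the question: append the salt, then hash (SHA-256 is assumed).
    return hashlib.sha256(password.encode() + salt).hexdigest()

def build_table(candidates, salt: bytes = b"") -> dict:
    # Precomputed hash -> password lookup; only valid for this one salt.
    return {hash_password(p, salt): p for p in candidates}

def make_user_db(users: dict) -> dict:
    # Store (salt, hash) per user, with a fresh random 16-byte salt each.
    db = {}
    for name, password in users.items():
        salt = os.urandom(16)
        db[name] = (salt, hash_password(password, salt))
    return db

def table_hits(db: dict, table: dict) -> int:
    # How many stored hashes a single precomputed table resolves.
    return sum(1 for _salt, digest in db.values() if digest in table)

def guessing_cost(db: dict, candidates) -> tuple:
    # With salts, the candidate list must be re-hashed for every user.
    hashes_computed, recovered = 0, {}
    for name, (salt, digest) in db.items():
        table = build_table(candidates, salt)
        hashes_computed += len(candidates)
        if digest in table:
            recovered[name] = table[digest]
    return hashes_computed, recovered

if __name__ == "__main__":
    users = {"alice": "password", "bob": "password", "carol": "v7#Lq9!wZr2$"}
    db = make_user_db(users)
    print("same password, same hash?", db["alice"][1] == db["bob"][1])
    print("hits from unsalted table:", table_hits(db, build_table(COMMON_PASSWORDS)))
    print("per-salt work and result:", guessing_cost(db, COMMON_PASSWORDS))
```

A guessable password is still recovered once its salt is known; what the salt removes is the precomputed table and the ability to reuse one computation across every user.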