Actually I totes keep the salt in my users database–I MUST keep it in my database, because when the user comes back and tries to log in, I have to mash the pw they supply with the saved salt and then compare what I get to the encrypted_password that I have in my database. I’m sure that the implementation I’m using with railstutorial.org keeps the salt in the database because I added a column to the database with
$ rails generate migration add_salt_to_users salt:string
$ rake db:migrate
and everything. hahaha.

but at 86,400 a day, for a range of days, against a dictionary of passwords

yeah! oy.