Question

I'm having trouble understanding the benefits of storing user data in a database table using salting. The process I have set up is as follows:

  1. User creates account with username/password
  2. A random salt is generated.
  3. Username stored in database, password encrypted and stored, salt stored alongside password.

Now when a user attempts a login, they provide their username/password and:

  1. Finds salt in database based on username.
  2. Encrypts cleartext password provided using salt from database.
  3. Compares the stored password and user provided password.

This is all fine and dandy, but doesn't a hacker merely have to guess the username and password combo? As long as they can determine a username, they can retrieve the salt. Using a brute force attack they would only need to determine the correct username/password combo. The salt would be retrieved with just the username and added to the provided password in order to compare to the stored password, so what's the point of using the salt anyway? It's not like the hacker has to guess the salt value. The password they provide is automatically encrypted with the salt from the database, so as long as they know the username, it's just a matter of guessing the password in cleartext.


Solution

The point of the salt is to force the hacker to attack each username one at a time rather than allowing him to attack all of them at once. Because each username has a different salt, the very same password would be stored differently for it. This defeats a rainbow table attack.
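As an added example (not part of the original question or answer), the Python below implements the registration and login flow the question describes and then contrasts two attacks on a leaked table: a precomputed hash-to-password lookup against unsalted hashes, which cracks every user with one table built once, and the per-user rehashing that per-user salts force. PBKDF2-HMAC-SHA256 stands in for the poster's "encrypt with salt" step; the wordlist, user names and iteration count are constructed for this example.

```python
import hashlib
import hmac
import os

# Constructed attacker wordlist for the demonstration.
WORDLIST = ["password", "letmein", "hunter2", "qwerty", "correct horse"]

# Assumption: iteration count picked for the example, not a production tuning.
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash standing in for the 'encrypt with salt' step."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def register(db: dict, username: str, password: str) -> None:
    """Step 1-3 of the question: fresh random salt per user, stored beside the hash."""
    salt = os.urandom(16)
    db[username] = (salt, hash_password(password, salt))


def login(db: dict, username: str, password: str) -> bool:
    """Login flow: look up the salt by username, rehash, constant-time compare."""
    record = db.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, hash_password(password, salt))


def unsalted_hash(password: str) -> bytes:
    """What an unsalted scheme would store: identical for identical passwords."""
    return hashlib.sha256(password.encode()).digest()


def precompute_table(wordlist) -> dict:
    """Attacker's precomputed lookup (hash -> password), built once and reused
    against every leaked unsalted hash; a rainbow table plays the same role."""
    return {unsalted_hash(w): w for w in wordlist}


def crack_unsalted(leaked: dict, table: dict) -> dict:
    """One dictionary lookup per user and no hashing at crack time."""
    return {user: table[h] for user, h in leaked.items() if h in table}


def crack_salted(leaked_db: dict, wordlist) -> tuple:
    """With per-user salts the attacker must rehash the wordlist for each user.
    Returns (cracked passwords, number of hash computations performed)."""
    cracked = {}
    work = 0
    for user, (salt, stored) in leaked_db.items():
        for guess in wordlist:
            work += 1
            if hmac.compare_digest(stored, hash_password(guess, salt)):
                cracked[user] = guess
                break
    return cracked, work


if __name__ == "__main__":
    db = {}
    register(db, "alice", "hunter2")
    register(db, "bob", "hunter2")  # same password, different salt, different hash
    print("alice and bob hashes differ:", db["alice"][1] != db["bob"][1])
    print("alice login ok:", login(db, "alice", "hunter2"))

    unsalted_leak = {u: unsalted_hash("hunter2") for u in ("alice", "bob")}
    table = precompute_table(WORDLIST)
    print("unsalted, one table cracks all:", crack_unsalted(unsalted_leak, table))

    cracked, work = crack_salted(db, WORDLIST)
    print("salted, cracked:", cracked, "hash computations:", work)
```

The `work` counter is the answer's point in numbers: against unsalted hashes the attacker hashes the wordlist once and then does lookups, whereas with salts the hashing is repeated for every username, so the cost scales with the number of accounts attacked.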

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow