Tobias wrote:
> However, since the salt is stored in plaintext in the shadow file, if you get that, the advantage of salt disappears.
Salt has no effect on the difficulty of attacking from a password prompt. It is only useful in attacks against the shadow file. Salt still increases the effort to attack a shadow file even though the salt is plainly visible. It greatly increases the cost of building a dictionary in advance, since it now has to be 4096 times larger. In effect it means the computational effort has to begin after you obtain the shadow file. It means an attacker can't prepare a dictionary, then use it repeatedly forever to look up passwords on every shadow file he can steal. The effort must be repeated on each occasion. Realistically, if the attacker has the means to obtain a shadow file (i.e. root) he probably doesn't need to crack a password. But if you are not using shadow files, your password file is a valuable target accessible to any user, not just root. Larger salt would be better... 4096 probably is not a large enough factor nowadays. LDAP uses 8 to 16 bytes of salt.
participants (1): Alan Rouse
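The cost argument above, as an added worked example that is not part of the thread or of any poster's code. It models a hash as SHA-256 over salt||password (an assumption standing in for crypt(3), whose DES-based scheme is not reproduced here), uses the traditional 12-bit, 4096-value salt space, and runs over a constructed five-word wordlist and a constructed two-entry shadow file. It contrasts the attacker who precomputes for every possible salt (table grows 4096x) with the one who must start computing only after stealing the file, and shows why a 64-bit salt puts precomputation out of reach.

```python
import hashlib

# Toy salted hash: SHA-256(salt || password). This is an assumption made for the
# example; real crypt(3) and LDAP SSHA use different constructions.
def salted_hash(salt: bytes, password: str) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()

# The 4096 two-character salts of traditional crypt(3): each char from [./0-9A-Za-z].
SALT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def twelve_bit_salts():
    return [(a + b).encode() for a in SALT_ALPHABET for b in SALT_ALPHABET]

# Constructed attacker wordlist.
WORDLIST = ["password", "letmein", "hunter2", "qwerty", "123456"]

# Constructed shadow-style entries: (user, salt, hash). Alice uses a dictionary word,
# Bob does not.
CONSTRUCTED_SHADOW = [
    ("alice", b"ab", salted_hash(b"ab", "hunter2")),
    ("bob", b"zz", salted_hash(b"zz", "correct horse battery")),
]

def precompute_table(wordlist, salt_space):
    """Dictionary built in advance: one entry per (salt, hash) for every salt the
    attacker might ever meet. Its size is len(wordlist) * len(salt_space)."""
    table = {}
    for salt in salt_space:
        for pw in wordlist:
            table[(salt, salted_hash(salt, pw))] = pw
    return table

def crack_with_table(entries, table):
    """Lookup-only attack: no hashing happens after the file is obtained."""
    return {user: table[(salt, h)] for user, salt, h in entries if (salt, h) in table}

def crack_after_leak(entries, wordlist):
    """Attack that starts hashing only after the file is stolen: the work is
    len(wordlist) * (number of distinct salts in this file), paid again per file.
    Returns (cracked passwords, number of hashes computed)."""
    distinct_salts = {salt for _, salt, _ in entries}
    table = precompute_table(wordlist, distinct_salts)
    return crack_with_table(entries, table), len(wordlist) * len(distinct_salts)

def precomputed_table_size(num_words, salt_bits):
    """Entries an all-salts precomputed dictionary needs for a given salt width."""
    return num_words * (2 ** salt_bits)

if __name__ == "__main__":
    # Precompute for every 12-bit salt once, then reuse against any file stolen later.
    table = precompute_table(WORDLIST, twelve_bit_salts())
    print("precomputed entries:", len(table))                # 5 words * 4096 salts
    print("lookup-only crack:", crack_with_table(CONSTRUCTED_SHADOW, table))

    # Without precomputation the effort is repeated per file, but it is small.
    found, work = crack_after_leak(CONSTRUCTED_SHADOW, WORDLIST)
    print("post-leak crack:", found, "hashes computed:", work)

    # Why 4096 is too small a factor and 8 to 16 salt bytes is not.
    words = 10**6
    print("1M-word table, 12-bit salt:", precomputed_table_size(words, 12))
    print("1M-word table, 64-bit salt:", precomputed_table_size(words, 64))
```

The 12-bit table is only about four thousand times a plain dictionary, which a modern attacker can afford to keep; an 8-byte salt multiplies it by 2^64, so the hashing effort can only begin once the attacker holds the file, which is the point the post makes.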