Re: Have had the e-mail this morning
> If the random text is truly random on a per account basis,
It is. It needs to be unique per account. The gain in security comes because it is impractical to pre-compute and store rainbow tables for all possible values of the salt. If you used a single salt for all of your records, it would be practical for an attacker who discovered it to compute rainbow tables to discover your passwords.
> there must be a record of it somewhere
Yes, you can either store it separately, e.g. in its own field in the user's record in a database, or concatenate it to the hashed password (used for Unix /etc/passwd at some point).
> they simply need to subtract the details of column 'X' (or whatever it's called) from the password to get back to the user's password.
It doesn't work like that. You calculate/store/compare hash(salt + password). For a decent hash function, subtracting the salt from the hash doesn't give you the password.
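The scheme described in this reply, written out as an added example that is not part of the original post: a fresh random salt per account, the salt stored concatenated in front of the hash (the `salt$hash` layout and the helper names are my own choice), verification by recomputing hash(salt + password), and a check that an unsalted precomputed table does not match the salted digest. Plain SHA-256 is used only to mirror the formula in the post; a real deployment would use a purpose-built password hash such as PBKDF2, bcrypt or Argon2.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

SALT_BYTES = 16  # 128 bits of randomness per account


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$digest_hex' so the salt is stored alongside the hash.

    A new random salt is generated unless one is passed in (used when
    verifying, so the stored salt is reused).
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    # hash(salt + password), exactly as the post describes.
    digest = hashlib.sha256(salt + password.encode("utf-8")).hexdigest()
    return salt.hex() + "$" + digest


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, _digest = stored.split("$", 1)
    recomputed = hash_password(candidate, bytes.fromhex(salt_hex))
    return hmac.compare_digest(recomputed, stored)


def unsalted_table(words) -> Dict[str, str]:
    """A toy 'rainbow table': unsalted sha256(password) -> password."""
    return {hashlib.sha256(w.encode("utf-8")).hexdigest(): w for w in words}


def table_lookup(stored: str, table: Dict[str, str]) -> Optional[str]:
    """Try to recover the password from the stored digest using the table."""
    _salt_hex, digest = stored.split("$", 1)
    return table.get(digest)  # None: the salt defeats the precomputation


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    alice = hash_password("hunter2")
    bob = hash_password("hunter2")
    print("same password, different records:", alice != bob)
    print("alice verifies:", verify_password(alice, "hunter2"))
    table = unsalted_table(["123456", "password", "hunter2", "letmein"])
    print("unsalted table hit:", table_lookup(alice, table))
```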