Reply to post: Also, hope the salt was not in the same repository....

GitHub flub spaffs 8Tracks database, 18 million accounts leaked

MJB7

Also, hope the salt was not in the same repository....

That shows a *profound* misunderstanding of what "salting" means. The salt is stored in the database along with the hashed password. It is not, in any way, intended to be secret.

The point is that different users will have different salts, and what is stored in the database is the hash of the salt+password. This means that the attacker must try common passwords for each individual user (well, individual salt), and can't just hash all the common passwords once, and then look up each user's hashed password in that list.
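The effect described in the comment above, as an added example that is not part of the original post: a small audit that counts how many hash computations it takes to test a wordlist against every stored record, with and without per-user salts. The user names, passwords, wordlist and function names are all constructed for illustration, and plain SHA-256 stands in for "the hash"; a real credential store would use a deliberately slow password-hashing function.

```python
import hashlib
import hmac
import os

# Constructed sample data, for illustration only.
COMMON = ["123456", "password", "qwerty", "letmein"]
USERS = {"alice": "password", "bob": "password",
         "carol": "qwerty", "dave": "x9!Lr2#vQ"}

def digest(salt: bytes, password: str) -> bytes:
    # hash(salt + password), as described in the comment
    return hashlib.sha256(salt + password.encode()).digest()

def build_db(users, salted):
    """Return {user: (salt, digest)}; the salt sits next to the hash, in the clear."""
    db = {}
    for name, pw in users.items():
        salt = os.urandom(16) if salted else b""
        db[name] = (salt, digest(salt, pw))
    return db

def verify(db, name, password):
    """Login check: re-hash with the stored salt, compare in constant time."""
    salt, stored = db[name]
    return hmac.compare_digest(stored, digest(salt, password))

def audit_cost(db, wordlist):
    """Return (hash computations needed, users whose password is in wordlist).

    One lookup table can be reused for every record sharing a salt, so the
    work grows with the number of distinct salts, not the number of users.
    """
    tables, hashes, weak = {}, 0, set()
    for name, (salt, stored) in db.items():
        if salt not in tables:
            tables[salt] = {digest(salt, w) for w in wordlist}
            hashes += len(wordlist)
        if stored in tables[salt]:
            weak.add(name)
    return hashes, weak

if __name__ == "__main__":
    for salted in (False, True):
        cost, weak = audit_cost(build_db(USERS, salted), COMMON)
        print(f"salted={salted}: {cost} hashes, weak accounts: {sorted(weak)}")
```

The same weak accounts are found either way; what the salt changes is that the cost is multiplied by the number of users, and that identical passwords no longer produce identical stored hashes.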
