salting is a different technique for protecting from rainbow table attacks. If the attacker has precomputed the hashes for a bazillion potential passwords, having the salt "salt" added to you password prior to its hash value being obtained will make their table worthless. Of course you would use some random string for the salt. But salting doesn't slow down the time it takes them to guess passwords like PKCS5 does, it just makes previously generated password => hash databases worthless. Both can be combined .