> And also whether "hashed" means salted and hashed or just simply hashed.
That really doesn't make that much of a difference anymore, given the fact that it's known information that's easily parseable. Rainbow tables are really just a quick convenience, but it's not like there aren't programs that can automate the process of getting and appending the salt to a password string and then just brute forcing. Even with something like bcrypt, you're still working against 1) infinite time and 2) users who don't understand how dangerous a weak password is.
That really doesn't make that much of a difference anymore, given the fact that it's known information that's easily parseable. Rainbow tables are really just a quick convenience, but it's not like there aren't programs that can automate the process of getting and appending the salt to a password string and then just brute forcing. Even with something like bcrypt, you're still working against 1) infinite time and 2) users who don't understand how dangerous a weak password is.