Replying to Mike Dilger ☑️

The salt thing is fascinating. It turns out that allowing a random salt allows an attacker to use a specially crafted random salt. Generally salts add randomness to an input to avoid an attacker looking up the output from a known set of inputs. And that generally means picking a random number every time. In fact the PlayStation attack was because some developer hardcoded a single number that he chose randomly, instead of writing code to pick a new random number each time. So the fact that this situation is the opposite of that just shows how complex cryptography is and why you need to leave it to the experts.

hodlbod 2y ago

Yeah, that bit for sure left me absolutely baffled
