how do i know worth of string which is often used as salt for joomla salt enhanced password file encryption??

Joomla creates a random salt for every password. Here you'll find valuable information about how to utilize the joomla techniques to create passwords:

From that bit you can observe the salt is saved following the password having a colon as delimiter.

$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword("blabla", $salt);
$password = $crypt . ':' . $salt;

[EDIT] I simply required to write an Authorisiation Validator with Zend_Auth to validate against a Joomla (1.) install and I decided to update the data here about this. A snip of my code.

$dbAdapter = Zend_Registry::get('jdb');
$this->_authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);

//Joomla 1.0 uses hashes in the form md5(passwort + salt) + salt
$users = new Users();
$hash = $users->getHash($value);
$salt = substr($hash, strpos($hash, ':') + 1);
$password = md5($context['password'] . $salt) . ':' . $salt;


Within the password area within the customers table, it is the bit following the ":"

The formula is one thing like

password DB area = md5(password + salt) + ":" + salt

Unfamiliar with joomla particularly, but many salted passwords either retain the salt within the password string, seperated my a delimiter (typically $ as well as other non alphanumeric character). Or it might be saved inside a seperate column within the db table

If joomla is at random producing the salt every time, how on the planet will it validate user's logins against it. I figured normally the salted password was said to be saved somewhere as regular text and also you validated from the hashed version of this and hashed password.