by cauterized 3552 days ago
What happens then if you want/need to rotate your password?

How does it deal with stupid password format restrictions?


the salt gets changed

so, either password database + master password gets stolen, or salt database + master password gets stolen

Except if the master db is stolen without the master password, one can throw guessed passwords at it and know when one worked (i.e. the db becomes readable).

Throwing passwords at a salt db gets you... what?

But then if the salt is stored and the algorithm is known, doesn't the salt just essentially become the password, from a security standpoint?
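The two storage models the thread compares, as an added Python sketch that is not code from any commenter or from the tool under discussion. The derivation scheme (PBKDF2-HMAC-SHA256 over site name plus stored salt), the per-site `length`/`alphabet` fields, the HMAC tag standing in for an encrypted vault, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import string

ITER = 50_000  # assumed work factor for this sketch

def kdf(master: str, salt: bytes, n: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITER, dklen=n)

def site_password(master, site, salt, length=16,
                  alphabet=string.ascii_letters + string.digits):
    """Salt-db model: the password is recomputed from master + stored salt."""
    raw = kdf(master, site.encode() + b"\x00" + salt, 2 * length)
    # Two bytes per character keeps modulo bias small for short alphabets.
    return "".join(alphabet[int.from_bytes(raw[i:i + 2], "big") % len(alphabet)]
                   for i in range(0, len(raw), 2))

def seal_vault(master, vault_salt, contents):
    """Vault model: only the integrity tag is modelled; encryption is omitted."""
    return hmac.new(kdf(master, vault_salt, 32), contents, "sha256").digest()

def vault_accepts(guess, vault_salt, contents, tag):
    """A stored vault confirms or rejects each guessed master password."""
    return hmac.compare_digest(seal_vault(guess, vault_salt, contents), tag)

# Constructed sample data: one site with a restrictive password format.
MASTER = "correct horse battery staple"
SALT_DB = {"example.com": {"salt": b"v1", "length": 12,
                           "alphabet": string.ascii_lowercase + string.digits}}

def demo():
    e = SALT_DB["example.com"]
    old = site_password(MASTER, "example.com", e["salt"], e["length"], e["alphabet"])
    e2 = dict(e, salt=b"v2")  # rotation: store a new salt, master unchanged
    new = site_password(MASTER, "example.com", e2["salt"], e2["length"], e2["alphabet"])
    # A wrong master against the salt db still yields a well-formed password.
    wrong = site_password("guess123", "example.com", e2["salt"], e2["length"], e2["alphabet"])
    contents = b"constructed vault contents"
    tag = seal_vault(MASTER, b"vault-salt", contents)
    return {"old": old, "new": new, "wrong_guess": wrong,
            "vault_right": vault_accepts(MASTER, b"vault-salt", contents, tag),
            "vault_wrong": vault_accepts("guess123", b"vault-salt", contents, tag)}

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In this sketch the vault tag separates a right guess from a wrong one, while the salt store alone holds nothing to compare a derived password against.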