by Stefan_H 5096 days ago
Sure - but the idea of salting is to make the dictionary too time consuming to create. The security is NOT in how secret your methods are (it rarely is).

Additionally, each salt is still unique per password, so the attacker would need to generate a full dictionary per record that they want to crack - generally not worth it.


I was thinking more along the lines of just running the top 100 passwords through each user
Salting is no replacement for strong passwords, this would work against most any salting scheme.
Not if part of the information is kept in code only, like iteration count on bcrypt
There is a chance that if your DB is compromised, your code is as well. Additionally, what if you want to change your work factor? How would you handle doing that? If you upgrade your server environment and then all of a sudden realize that your hashing algorithm only takes .1 seconds, when it used to take .5, you might want to change it.
While that may slow down an attacker in some circumstances, a sufficiently secure password scheme will still be secure with total knowledge of the system available to the attacker. See also: security through obscurity.
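The thread's two points, a unique salt per record and a work factor that can be raised later without keeping secrets in code, are shown together in the following added example. It is not code from the discussion; it uses PBKDF2 from Python's standard library in place of bcrypt (the principle is the same), and the record format `pbkdf2_sha256$iterations$salt$hash`, the constant `CURRENT_ITERATIONS` and the function names are assumptions chosen for the example.

```python
import base64
import hashlib
import hmac
import os

# Work factor in use today. Raise it when hardware gets faster; old records
# are upgraded at login (see login()), so nothing about it needs to stay secret.
CURRENT_ITERATIONS = 120_000


def hash_password(password: str, iterations: int = CURRENT_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash.

    A fresh 16-byte random salt per password means an attacker has to redo
    a dictionary for every record rather than once for the whole table, and
    storing the iteration count in the record lets verify_password() work on
    records made under an older work factor.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash using the salt and iteration count stored in the record."""
    algo, iterations, salt_b64, digest_b64 = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown algorithm in record: " + algo)
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    # Constant-time comparison so timing does not leak which bytes matched.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str) -> bool:
    """True when the record was produced with a lower work factor than today's."""
    return int(record.split("$")[1]) < CURRENT_ITERATIONS


def login(password: str, record: str):
    """Verify the password; on success, return an upgraded record if the stored
    one is stale. The upgrade can only happen here, when the plaintext is at hand.
    Returns (ok, record_to_store)."""
    if not verify_password(password, record):
        return False, record
    if needs_rehash(record):
        return True, hash_password(password)
    return True, record


if __name__ == "__main__":
    # Constructed scenario: a record created years ago with a weak work factor.
    old_record = hash_password("correct horse battery staple", iterations=1_000)
    print("stale record needs rehash:", needs_rehash(old_record))
    ok, new_record = login("correct horse battery staple", old_record)
    print("login ok:", ok, "| upgraded:", new_record != old_record)
    print("new record needs rehash:", needs_rehash(new_record))
```

The iteration count is public in every record, which is the point made above: the scheme stays secure with total knowledge of the system, and raising `CURRENT_ITERATIONS` is a one-line change that takes effect for each user at their next login rather than requiring a migration of the stored hashes.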