Hello Deepak,

It is true that if you want to further improve security it is best to keep the salt apart. But for most cases I don't think it is necessary. Even if you have the salt you would have to try all the key combinations in plain text to see if you get the same hash and this, for each key you want to compare the hash. So, what I do think is important is that the user's key follows a strict enough security policy (size, numeric and alphanumeric characters, uppercase) to make the key secure and make it difficult to launch a dictionary attack.