Maybe I’m not the first to think of this, but it just came to me. Instead of using a single string to season a whole site or saving each new salt with the salted hash, try using this method for simplicity. Take the string and concatenate itself after it. This way, both the value being encrypted and the salt are never known and it’s still simple to validate input. Might be helpful if you actually fear someone building new dictionaries for each salt… or quantum computers.
And Why I Love Comments
Smart people keep you from doing something you didn’t think through. So, don’t use this.