It was stated that the inclusion of the salt in the UNIX password scheme increases the difficulty of guessing by a factor of 4096. But the salt is stored in plaintext in the same entry as the corresponding ciphertext password. Therefore, those two characters are known to the attacker and need not be guessed. Why is it asserted that the salt increases security?

Explanation:

Salting alters the hash of a password so that it does not physically match the hash of another password. A salt and password are concatenated and processed with a cryptographic hash function. Salt prevents use of rainbow and hash tables to attacking and cracking passwords.

For example, a user has the password, "password000" and is put through a SHA1 hash. In the password database, all of the users with the password "password000" will have the exact same hash, because of the nature of hashing functions.  So, if an attacker breaches the database and brute force the password of the user mentioned above, he could look for all the hashes that match the original user's and would know their passwords are also "password000".

By applying a salt, the password hashes would no longer be identical to one another, even though the actual password is still the same. This requires the attacker to go in and attempt to brute force the second password (which has a different salt), even though it may be the same as the first.

In conclusion, it prevents an attacker from uncovering one password and subsequently uncovering multiple others.