How long should a salt be to make it infeasible to attempt dictionary attacks?

Backend · Open · 6 answers · 1445 views
萌比男神i · 2021-02-07 12:52

I'm designing an authentication system that works like the following:

  1. User enters password
  2. Salt is generated.
  3. Password is hashed with whirlpool<
6 answers
  •  情深已故
    2021-02-07 13:21

    A salt is used to add additional random bits to the password to make certain attacks less efficient. So the more entropy the salt adds, the better.

    Currently, PKCS #5 recommends a salt length of at least 64 bits of entropy, the often recommended bcrypt uses 128 bits, and you could even use more. But there certainly is a point where you won't add additional practical complexity, as the resulting complexity is already utopistic.

    So you should have at least one unique salt per password so that only one password can be cracked at a time. At best, use an already proven password storage scheme.
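    The points in this answer (a fresh CSPRNG salt per password, 128-bit salt size, a proven scheme rather than a bare hash) put into code, as an added example that is not from the poster or the answerer. It assumes PBKDF2-HMAC-SHA256 from the Python standard library as the "proven scheme" (PBKDF2 is the derivation function PKCS #5 specifies); the record format and iteration count are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed parameters for this example (not from the original post).
SALT_BYTES = 16            # 128-bit salt, the size the answer cites for bcrypt
DEFAULT_ITERATIONS = 600_000
DK_LEN = 32                # derived key length in bytes


def new_salt(n_bytes: int = SALT_BYTES) -> bytes:
    """Return n_bytes of CSPRNG output. Called once per stored password,
    so two users with the same password never share a salt."""
    return secrets.token_bytes(n_bytes)


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = DEFAULT_ITERATIONS) -> str:
    """Derive a PBKDF2-HMAC-SHA256 key and return a self-describing record:
    algorithm$iterations$salt_hex$dk_hex. The salt is stored in the clear;
    its job is to make precomputed dictionaries useless, not to be secret."""
    if salt is None:
        salt = new_salt()
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=DK_LEN)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the salt and iteration count from the record and
    compare in constant time. Malformed or unknown records never verify."""
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        iterations = int(iters)
    except ValueError:
        return False
    if algo != "pbkdf2_sha256" or iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=len(dk_hex) // 2)
    return hmac.compare_digest(dk.hex(), dk_hex)


def same_record(password: str, salt_a: bytes, salt_b: bytes,
                iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when two accounts with this password would store identical
    records. With a shared salt they do (crack one, crack both); with a
    unique salt per password they never do, which is the answer's point."""
    return hash_password(password, salt_a, iterations) == \
        hash_password(password, salt_b, iterations)
```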
