I want to make sure that I understand the process of salting passwords for an upcoming security presentation, so if anyone can affirm, please do so:

This applies specifically to OSX (presentation is in a mac lab) and generally to *nix systems. My understanding is that when a user enters a new password, the password program selects a salt, normally based off random variables like the time of day, converts this to a character string and stores it (in the case of standard DES) in front of the encrypted string. When a user enters password at login, a password program retrieves the salt from the front of the encrypted string and uses it to properly encrypt the password entered then matches it to the one stored.

I assume the norm is to use random salt variables, however I have been told that sometimes a system-wide salt is employed. This doesnt seem to make sense for password encryption but maybe for file encryption.

Thanks