The salt in grub is always prepended with "$1$", This is Modular Crypt format where the number indicates the hash algorithm used: 1 = MD5, 2 = Blowfish, 3 = NTHash and the salt is then terminated with a "$". The user's password hash is then created with the entered password and the pseudo-randomly generated salt and stored. The purpose of the salt is to prevent someone from comparing a pregenerated list of hashes to your hash (or prevent one cracked password from exposing all other accounts with same password). Because of the salt, you would have to use the salt with each brute force attempt, or use the salt on the dictionary to create a new hash list, and then you have to do it for each password you wish to crack using a different salt. Yes, JtR will crack them and as to why they arent used in databases is because some coders are shitheads, and plenty of people do use them in databases. For instance in PHP you have the the following description for crypt: "string crypt ( string str [, string salt] )"

-Maestr0