in reply to Re:^4 What's the idea of different salts in crypt()?
in thread What's the idea of different salts in crypt()?
In my estimation, that's quite less than completely effective. You were right to question that.
However, the node you replied to used the first two of the entered password as the salt, then returned the remainder of the password, without that salt. This actually keeps the salt from needing to be stored at all, as it is supplied again every time the password is entered for authentication. This does, however, shorten the input to the plaintext portion of the hash by two bytes.
I've not the expertise to surmise the net effect of this scheme without some serious consideration. Perhaps someone else can weigh the pros and cons more easily than I.
Chris
911
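Added example, not part of the original post or thread: a comparison of the scheme described above (salt taken from the first two bytes of the password) with a salt stored per user, showing which accounts end up sharing a hash. Assumptions: `toy_crypt` is a salted SHA-256 stand-in rather than the real `crypt()`, and the account names, passwords and salts are constructed.

```python
import hashlib
from collections import defaultdict

def toy_crypt(salt: bytes, secret: bytes) -> str:
    # Stand-in for crypt(): salted SHA-256, not the DES-based crypt(3).
    return hashlib.sha256(salt + b"$" + secret).hexdigest()

def derived_salt_hash(password: str) -> str:
    # Scheme from the post: first two bytes are the salt, the remainder is hashed.
    pw = password.encode()
    return toy_crypt(pw[:2], pw[2:])

def stored_salt_hash(password: str, salt: bytes) -> str:
    # Conventional scheme: a per-user salt is kept beside the hash.
    return toy_crypt(salt, password.encode())

def shared_hash_groups(table: dict) -> list:
    # Return the groups of users whose stored hash is identical.
    groups = defaultdict(list)
    for user, digest in table.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts; alice and bob chose the same password.
PASSWORDS = {"alice": "hunter2x", "bob": "hunter2x", "carol": "tr0ub4dor"}
# Constructed per-user salts (a real system draws these at random).
SALTS = {"alice": b"aQ", "bob": b"7f", "carol": b"Zk"}

def derived_table() -> dict:
    # Nothing but the hash is stored; the salt comes back with each login.
    return {u: derived_salt_hash(p) for u, p in PASSWORDS.items()}

def stored_table() -> dict:
    return {u: stored_salt_hash(p, SALTS[u]) for u, p in PASSWORDS.items()}

if __name__ == "__main__":
    print("derived salt, shared hashes:", shared_hash_groups(derived_table()))
    print("stored salt, shared hashes: ", shared_hash_groups(stored_table()))
```

With the derived salt, equal passwords always hash to the same value, so the salt no longer separates accounts; with stored per-user salts they do not.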