How are salts generated and validated in Phalcon

I'm reading the docs about generating passwords and it mentions that the salt is being generated. I don't see anything in the code to reflect this. Is the salt part of the password string (so therefor, I don't require a salt column?)

*"The salt is generated using pseudo-random bytes with the PHP’s function openssl_random_pseudo_bytes so is required to have the openssl extension loaded." http://docs.phalcon.io/en/latest/reference/security.html

edited Dec '14

The salt is generated by phalcon and is stored alongside the crypted password in the hashed string that phalcon returns.

So yes, there's no need for a salt column :)

The behavior is pretty much the same as php's password_hash

The initial part of the hashed string starts (usually) with $2a$ and indicates the algoright used. The salt should be undistinguable from the crypted password.