Thanks for your response. Please let me respond to your claims.
Regarding: "I really must dispute the effectiveness of this technique. It is better than storing just the MD5, but I don't think by much."
First, my using MD5 is merely a continuation of Jeff's examples from the original article. When you see MD5, please understand that it represents the hash function of your choice.
Second, the effectiveness of salting is not in dispute. It is a well-understood, well-studied method of making precomputed-dictionary attacks impractical. If you disagree on this point, please do some homework on salting before replying.
Third, salting does not make it impossible to mount offline attacks against a password database; rather, salting makes such attacks more costly because it forces each password to be attacked independently. That is, it raises the cost of a precomputed-dictionary attack on the entire database to the point where it exceeds the cost of attempting to guess each password in the database individually.
Regarding: "It's one of those, what happens when the cracker has the table, and the beginning of every password just happens to begin with another column in your password table."
What happens is that the cracker is forced to guess each password individually, and that's if he can live with obtaining only some of the passwords in the database. If he wants to get them all, he must brute-force the ones he can't guess, and that's expensive.
You can't do better than that. If the cracker has your database, he most likely has everything else of value from your servers as well: your "hidden" keys, your "secret" hashing methods, your executable code to examine, if not your actual source code. Any bit of information your code had access to, the cracker now has. So, the only question that matters is, Given that the cracker has all the information you have, how hard is it for him to recover passwords? If the answer is that he must guess or brute-force every single password he wants, that's as good as it's going to get (for any password-based authentication system). You simply can't do better.
Regarding: "I would think that a highly improved version of this would be you at least store the MD5(MD5(salt) + MD5(password))."
I'm sorry, but your new hash function adds no protection. The resulting hashed value depends only upon the salt and the password, the same as before. Remember, attackers are not trying to reverse your hash function; rather, they are searching its input space, and you haven't enlarged the input space.
Regarding: "I can only assume you have this method in production, ..."
Yes. And so does everybody else who understands that you can't do better than forcing the other guy to guess or brute-force every single password he wants to obtain.
Regarding: "And also, at what level are you satisfied that as a worst case, the hacker has a botnet of computers at his disposal to run against your technique?"
Like I said, if the attacker can afford to brute-force a password, it's his. If he has the resources to brute-force the entire database, he can recover all of your passwords. That's just the way it is. There's nothing you or I can do about it.
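The following is an added illustration, not part of the thread above: a small Python cost model of the three record formats discussed (unsalted, salted, and the nested MD5(MD5(salt) + MD5(password)) variant), counting how many candidate evaluations a wordlist attack on a stolen database costs in each case. MD5 stands in for the hash of your choice, and the wordlist and user records are constructed sample data.

```python
import hashlib
import secrets
from typing import Callable, Dict, List, Tuple

# MD5 here stands in for the hash function of your choice, as in the thread.
def H(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

# Three record formats discussed in the thread; each maps (salt, password) -> stored value.
SCHEMES: Dict[str, Callable[[bytes, bytes], bytes]] = {
    "unsalted": lambda salt, pw: H(pw),
    "salted":   lambda salt, pw: H(salt + pw),
    "nested":   lambda salt, pw: H(H(salt) + H(pw)),   # the proposed "improved" variant
}

# Constructed sample data (not real credentials): a tiny wordlist and four users.
WORDLIST: List[bytes] = [b"password", b"letmein", b"qwerty", b"dragon", b"hunter2", b"correcthorse"]
USERS: Dict[str, bytes] = {"alice": b"qwerty", "bob": b"dragon", "carol": b"hunter2", "dave": b"password"}

def build_db(scheme: str, users: Dict[str, bytes]) -> Dict[str, Tuple[bytes, bytes]]:
    """Store (salt, digest) per user; every record gets a fresh random salt."""
    f = SCHEMES[scheme]
    db: Dict[str, Tuple[bytes, bytes]] = {}
    for name, pw in users.items():
        salt = secrets.token_bytes(16)
        db[name] = (salt, f(salt, pw))
    return db

def dictionary_attack(scheme: str, db: Dict[str, Tuple[bytes, bytes]],
                      wordlist: List[bytes]) -> Tuple[int, int]:
    """Model a wordlist attack on a stolen database.
    Returns (users recovered, candidate evaluations spent)."""
    f = SCHEMES[scheme]
    trials = 0
    if scheme == "unsalted":
        # The salt is ignored, so one precomputed table serves every user in the database.
        table = {}
        for w in wordlist:
            table[f(b"", w)] = w
            trials += 1
        recovered = sum(1 for _salt, digest in db.values() if digest in table)
        return recovered, trials
    # With a per-record salt (plain or nested), no table can be shared between users:
    # each record costs its own pass over the wordlist, exactly as the reply argues.
    recovered = 0
    for salt, digest in db.values():
        for w in wordlist:
            trials += 1
            if f(salt, w) == digest:
                recovered += 1
                break
    return recovered, trials
```

With the sample data the unsalted database falls to six evaluations total, while the salted and nested databases each cost the same thirteen, showing that nesting the hashes changes nothing about the attacker's work.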