And they would be hashed using MD5!

But on a serious note, it's possible to individually salt passwords, and still match username & password in one query.