so if I’m understanding correctly: salting is adding characters that are hard coded to write to a password upon creation, whereas peppering adds completely random and unknown characters to a password?