Password 'Science'

The salt value is typically stored in plaintext on the server, as it must be. If a compromise has led to a hacker having access to the hash values, then you can very reasonably assume that the salt values are also available to the hacker.

As a consequence, it is actually desirable for the salt not to be too long (although I suspect that that is a largely theoretical consideration). The point is that given that the salt is available in plaintext, you don’t want too much entropy in the salt relative to the entropy in the user’s supposedly secret password.

Take a look at /etc/shadow on a current Linux system and you will see that the salt value has length 16 (although I am not sure whether that is base64 encoded or not).
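An added example, not part of the original comment: a small parser for the `$id$salt$hash` password field of a shadow entry, showing that the salt sits in plaintext beside the hash and how long it is. The sample line is constructed, only the `$1$`, `$5$` and `$6$` layouts are handled, and the bit count assumes the salt is drawn from crypt's 64-symbol alphabet (at most 6 bits per character).

```python
import re

# crypt(3) salt alphabet: 64 symbols, so one character carries at most 6 bits.
CRYPT_ALPHABET = set("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "abcdefghijklmnopqrstuvwxyz")

# Constructed line in /etc/shadow layout; the salt and hash are placeholders.
SAMPLE_SHADOW_LINE = ("alice:$6$Ab3dEf.hIjKlMn0p$" + "x" * 86
                      + ":19000:0:99999:7:::")

# $id$[rounds=N$]salt$hash as used by md5crypt (1), sha256crypt (5), sha512crypt (6)
_FIELD = re.compile(r"^\$(1|5|6)\$(?:rounds=(\d+)\$)?([^$:]*)\$([^$:]+)$")


def parse_shadow_entry(line):
    """Return user, scheme id, rounds, salt and hash from one shadow line."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError("not a shadow entry")
    entry = {"user": fields[0], "scheme": None, "rounds": None,
             "salt": None, "hash": None}
    match = _FIELD.match(fields[1])
    if match is None:
        # Locked/empty accounts ("!", "*", "") or a scheme not handled here.
        return entry
    scheme, rounds, salt, digest = match.groups()
    entry.update(scheme=scheme, rounds=int(rounds) if rounds else None,
                 salt=salt, hash=digest)
    return entry


def salt_max_bits(salt):
    """Upper bound on salt entropy: 6 bits per crypt-alphabet character."""
    if not set(salt) <= CRYPT_ALPHABET:
        raise ValueError("salt contains characters outside the crypt alphabet")
    return 6 * len(salt)


if __name__ == "__main__":
    e = parse_shadow_entry(SAMPLE_SHADOW_LINE)
    print(e["user"], "scheme", e["scheme"], "salt", e["salt"],
          "chars", len(e["salt"]), "max bits", salt_max_bits(e["salt"]))
```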