the password file for lousy passwords, amongst other things. Only the
guys wearing white hats should do this.
-Note that C<crypt> is intended to be a one-way function, much like breaking
-eggs to make an omelette. There is no (known) corresponding decrypt
-function. As a result, this function isn't all that useful for
+Note that C<crypt> is intended to be a one-way function, much like
+breaking eggs to make an omelette. There is no (known) corresponding
+decrypt function (in other words, the crypt() is a one-way hash
+function). As a result, this function isn't all that useful for
cryptography. (For that, see your nearby CPAN mirror.)
-When verifying an existing encrypted string you should use the encrypted
-text as the salt (like C<crypt($plain, $crypted) eq $crypted>). This
-allows your code to work with the standard C<crypt> and with more
-exotic implementations. When choosing a new salt create a random two
-character string whose characters come from the set C<[./0-9A-Za-z]>
-(like C<join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]>).
+When verifying an existing encrypted string you should use the
+encrypted text as the salt (like C<crypt($plain, $crypted) eq
+$crypted>). This allows your code to work with the standard C<crypt>
+and with more exotic implementations. In other words, do not assume
+anything about the returned string itself, or how many bytes in
+the encrypted string matter.
+
+Traditionally the result is a string of 13 bytes: two first bytes of
+the salt, followed by 11 bytes from the set C<[./0-9A-Za-z]>, and only
+the first eight bytes of the encrypted string mattered, but
+alternative hashing schemes (like MD5), higher level security schemes
+(like C2), and implementations on non-UNIX platforms may produce
+different strings.
+
+When choosing a new salt create a random two character string whose
+characters come from the set C<[./0-9A-Za-z]> (like C<join '', ('.',
+'/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]>).
Here's an example that makes sure that whoever runs this program knows
their own password:
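Review bot: In the new paragraph on the traditional 13-byte result, "only the first eight bytes of the encrypted string mattered" uses "encrypted string" for what must be the input. The paragraph just above uses "encrypted string" and "encrypted text" for the value crypt returns, while the eight-byte limit of the traditional scheme applies to the plaintext being hashed. Suggest "only the first eight bytes of the plaintext mattered", and "the first two bytes of the salt" in place of "two first bytes of the salt". The added parenthetical "(in other words, the crypt() is a one-way hash function)" restates the first sentence of the same paragraph and could be dropped, or folded into that sentence as "a one-way hash function".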
on your favorite CPAN mirror for a slew of potentially useful
modules.
+If using crypt() on an Unicode string (which potentially has
+characters with codepoints above 255), Perl tries to make sense of
+the situation by using only the low eight bits of the characters when
+calling crypt().
+
=item dbmclose HASH
[This function has been largely superseded by the C<untie> function.]
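Review bot: The added Unicode paragraph says only the low eight bits of each character reach crypt(), but not what follows from that: two strings that differ only in the bits above the low eight are hashed identically, so a check written as C<crypt($plain, $crypted) eq $crypted> accepts either one. Suggest stating that consequence and recommending that callers encode the string to bytes themselves before calling crypt(). Also, "an Unicode string" should read "a Unicode string".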
print hex 'aF'; # same
Hex strings may only represent integers. Strings that would cause
-integer overflow trigger a warning.
+integer overflow trigger a warning. Leading whitespace is not stripped,
+unlike oct().
=item import
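Review bot: The added sentence "Leading whitespace is not stripped, unlike oct()" says what hex() does not do, but not what the caller gets back when EXPR starts with whitespace. Suggest stating the result for such input and whether it warns, in the way the preceding sentence does for overflow, so that code validating input knows it has to trim before calling hex().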
Interprets EXPR as an octal string and returns the corresponding
value. (If EXPR happens to start off with C<0x>, interprets it as a
hex string. If EXPR starts off with C<0b>, it is interpreted as a
-binary string.) The following will handle decimal, binary, octal, and
-hex in the standard Perl or C notation:
+binary string. Leading whitespace is ignored in all three cases.)
+The following will handle decimal, binary, octal, and hex in the standard
+Perl or C notation:
$val = oct($val) if $val =~ /^0/;
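Review bot: The added "Leading whitespace is ignored in all three cases" does not carry through to the example that follows: C<$val = oct($val) if $val =~ /^0/;> anchors the 0 at the start of the string, so a value with leading whitespace never reaches oct() and is left as it was. Either note that the example expects trimmed input or relax the pattern to C</^\s*0/>. "All three cases" would also read more clearly as "octal, hex and binary", since the next sentence lists four notations.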
Sets the random number seed for the C<rand> operator.
-It's usually not necessary to call C<srand> at all, because if it is
-not called explicitly, it is called implicitly at the first use of the
-C<rand> operator. However, this was not the case in version of Perl
-before 5.004, so if your script will run under older Perl versions, it
-should call C<srand>.
-
The point of the function is to "seed" the C<rand> function so that
C<rand> can produce a different sequence each time you run your
-program. Just do it B<once> at the top of your program, or you
-I<won't> get random numbers out of C<rand>!
-
-If EXPR is omitted, uses a semi-random value supplied by the kernel
-(if it supports the F</dev/urandom> device) or based on the current
-time and process ID, among other things.
+program.
+
+If srand() is not called explicitly, it is called implicitly at the
+first use of the C<rand> operator. However, this was not the case in
+versions of Perl before 5.004, so if your script will run under older
+Perl versions, it should call C<srand>.
+
+Most programs won't even call srand() at all, except those that
+need a cryptographically-strong starting point rather than the
+generally acceptable default, which is based on time of day,
+process ID, and memory allocation, or the F</dev/urandom> device,
+if available.
+
+You can call srand($seed) with the same $seed to reproduce the
+I<same> sequence from rand(), but this is usually reserved for
+generating predictable results for testing or debugging.
+Otherwise, don't call srand() more than once in your program.
+
+Do B<not> call srand() (i.e. without an argument) more than once in
+a script. The internal state of the random number generator should
+contain more entropy than can be provided by any seed, so calling
+srand() again actually I<loses> randomness.
Most implementations of C<srand> take an integer and will silently
truncate decimal numbers. This means C<srand(42)> will usually
produce the same results as C<srand(42.1)>. To be safe, always pass
C<srand> an integer.
-Calling C<srand> multiple times is highly suspect.
-
-=over 4
-
-=item *
-
-Do B<not> call srand() (i.e. without an argument) more than once in a
-script. The internal state of the random number generator should
-contain more entropy than can be provided by any seed, so calling
-srand() again actually I<loses> randomness. And you shouldn't use
-srand() at all unless you need backward compatibility with Perls older
-than 5.004.
-
-=item *
-
-Do B<not> call srand($seed) (i.e. with an argument) multiple times in
-a script I<unless> you know exactly what you're doing and why you're
-doing it. Usually this requires intimate knowledge of the
-implementation of srand() and rand() on your platform.
-
-=back
-
In versions of Perl prior to 5.004 the default seed was just the
current C<time>. This isn't a particularly good seed, so many old
programs supply their own seed value (often C<time ^ $$> or C<time ^
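Review bot: The new paragraph "Most programs won't even call srand() at all, except those that need a cryptographically-strong starting point" reads as though a well-chosen seed makes rand() fit for cryptographic use. A seed only sets the starting state of the generator, and rand() is not a cryptographic generator whatever it is seeded with. Suggest wording this as "a less predictable seed" and pointing security uses to CPAN, as the crypt entry does. The two added paragraphs also repeat each other: "Otherwise, don't call srand() more than once in your program" is followed directly by "Do B<not> call srand() (i.e. without an argument) more than once in a script", so one of them can go. The removed warning about calling srand($seed) multiple times has no replacement beyond that one sentence.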