function. As a result, this function isn't all that useful for
cryptography. (For that, see your nearby CPAN mirror.)
+When verifying an existing encrypted string you should use the encrypted
+text as the salt (like C<crypt($plain, $crypted) eq $crypted>). This
+allows your code to work with the standard C<crypt()> and with more
+exotic implementations. When choosing a new salt create a random two
+character string whose characters come from the set C<[./0-9A-Za-z]>
+(like C<join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]>).
+
Here's an example that makes sure that whoever runs this program knows
their own password:
$pwd = (getpwuid($<))[1];
- $salt = substr($pwd, 0, 2);
system "stty -echo";
print "Password: ";
- chop($word = <STDIN>);
+ chomp($word = <STDIN>);
print "\n";
system "stty echo";
- if (crypt($word, $salt) ne $pwd) {
+ if (crypt($word, $pwd) ne $pwd) {
die "Sorry...\n";
} else {
print "ok\n";
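Review bot: the example's check, if (crypt($word, $pwd) ne $pwd), now passes the getpwuid password field straight in as the salt, with no test that $pwd is defined and non-empty. $word is likewise unchecked if the read from STDIN hits end of file. Suggest a guard before the comparison, for example: die "No password entry\n" unless defined $pwd && length $pwd; In the new paragraph, the verification advice is written to cover "more exotic implementations", but the new-salt advice fixes the salt at two characters from [./0-9A-Za-z]. It would help to say that this form is the one for the standard crypt(), so the two sentences do not read as contradicting each other.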