From: Roderick Schertler <roderick@argon.org>
Date: Thu, 10 Sep 1998 00:32:17 +0000 (-0400)
Subject: doc update for crypt()'s salt
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=e71965beff694bc98c9ae45ee14f91c321298f5b;p=p5sagit%2Fp5-mst-13.2.git

doc update for crypt()'s salt

	Message-ID: <21142.905401937@eeyore.ibcinc.com>

p4raw-id: //depot/perl@1846
---

diff --git a/pod/perlfunc.pod b/pod/perlfunc.pod
index 2d7b251..b20981d 100644
--- a/pod/perlfunc.pod
+++ b/pod/perlfunc.pod
@@ -675,19 +675,25 @@ eggs to make an omelette.  There is no (known) corresponding decrypt
 function.  As a result, this function isn't all that useful for
 cryptography.  (For that, see your nearby CPAN mirror.)
 
+When verifying an existing encrypted string you should use the encrypted
+text as the salt (like C<crypt($plain, $crypted) eq $crypted>).  This
+allows your code to work with the standard C<crypt()> and with more
+exotic implementations.  When choosing a new salt create a random two
+character string whose characters come from the set C<[./0-9A-Za-z]>
+(like C<join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64]>).
+
 Here's an example that makes sure that whoever runs this program knows
 their own password:
 
     $pwd = (getpwuid($<))[1];
-    $salt = substr($pwd, 0, 2);
 
     system "stty -echo";
     print "Password: ";
-    chop($word = <STDIN>);
+    chomp($word = <STDIN>);
     print "\n";
     system "stty echo";
 
-    if (crypt($word, $salt) ne $pwd) {
+    if (crypt($word, $pwd) ne $pwd) {
 	die "Sorry...\n";
     } else {
 	print "ok\n";