If the salt argument is not provided, one will be randomly generated by PHP each time you call this function.
So when I go: $hash = crypt("mypassword");
Is that the same as using md5 with a salt (if crypt was set to use MD5)? I don't want to get into a debate on how secure MD5 is but I would like to use a salt with it and it seems that if PHP is randomly generating one in crypt() then that would be more secure than me having a $salt variable that I defined lying around for someone to look at when they hack my site.
The only drawback I can find to this automatic salt is if it was running in a loop. Which seems to imply that there is a period before PHP picks a new random salt. Anyone know how long that is?
Oh and sorry for raising the dead thread earlier. Won't happen again.
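
Added example, not part of the original post: with MD5-crypt the salt is stored inside the string crypt() returns, so no separate $salt variable is needed to check a password later. The helper names (make_md5_salt, hash_password, verify_password) and the sample passwords are constructed for illustration; the code assumes PHP 7 or later with CRYPT_MD5 support and builds the salt explicitly instead of relying on the automatic one.

```php
<?php
// Added example: crypt() embeds the salt in its own output.
// Helper names and sample passwords are constructed for illustration.

// Build an MD5-crypt salt string: "$1$" + 8 characters from [./0-9A-Za-z] + "$".
function make_md5_salt(): string
{
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = '';
    for ($i = 0; $i < 8; $i++) {
        $salt .= $alphabet[random_int(0, 63)]; // CSPRNG, one new salt per password
    }
    return '$1$' . $salt . '$';
}

// Hash a new password with a fresh random salt.
function hash_password(string $password): string
{
    return crypt($password, make_md5_salt());
}

// Verify by passing the stored hash as the salt argument: crypt() reads the
// "$1$<salt>$" prefix from it and recomputes the hash with that same salt.
function verify_password(string $password, string $stored): bool
{
    // hash_equals() compares in constant time.
    return hash_equals($stored, crypt($password, $stored));
}

$a = hash_password('mypassword');
$b = hash_password('mypassword');

echo $a, "\n", $b, "\n";                      // same password hashed twice
var_dump($a === $b);                          // compares the two salted hashes
var_dump(substr($a, 0, 12));                  // the "$1$........$" salt prefix
var_dump(verify_password('mypassword', $a));  // check the correct password
var_dump(verify_password('wrong', $a));       // check an incorrect password
```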