On Sat, Jul 23, 2005 at 01:08:49PM -0700, Michael G Schwern wrote: > crypt() doesn't really encrypt, it hashes or digests. Yet perlfunc/crypt > talks about encryption. This seems misleading. I discovered this while > explaining that passwords aren't stored encrypted, they are hashed. This > not-encryption is done with the crypt() function--erk. > > So I think it makes sense for the crypt docs to stop saying it encrypts. > > I'm no expert in cryptographic terminology, can anyone confirm or verify this?
Well pedantically speaking, crypt() encrypts a block of zeros using a DES variation and the supplied password as a key, so yes it does encrypt; but yes, it's use is as as a secure hash, so maybe the description could do with some polishing. -- You never really learn to swear until you learn to drive.
