thanks for the great responses guys. i guess what im really getting at though is, if crypt() will embed a salt in the value it returns automatically, is there any benefit to creating a salt to pass to the second argument and storing that as well? conceivably, passwords already have a salt using the default crypt() behavior, so the general benefit of salting should be supplied by said default behavior. my guess is that there would be *some* benefit to creating a user supplied salt. greater entropy or something, im not sure what... im just trying to rationalize creating a salt in userspace and storing that in the database as opposed to not. any takers for either case? -nathan
