The "salt" is there to "spice up" the encrypted password, under DES effectively making it 4096 times more difficult to store all possible encrypted versions of a password. Up until recently, this made it impractical to store a decent dictionary encoded 4096 times over, requiring at least an 8GB drive. Now, though, with 160GB drives on the market, you can see how trivial it is to crack passwords.

The "salt" is also important to validate passwords. Without knowledge of the salt, you would have to crack it and this would slow down password validation in a huge way. Now, to check that your guess is correct, you just do:
if (crypt($guess,$real) eq $real) { # $guess is the right password }
Since the crypt function only uses the "salt" part of the second parameter, ignoring the rest, and since your guess encrypted with the same "salt" should be the same as the real encrypted version, your guess will only be correct if it encrypts the same.

Something I would like to point out is that the DES encryption used by default is very, very flimsy. You should use RSA instead, and this is, to the best of my knowledge, very well supported, though I'm sure someone else can provide specifics on a platform by platform basis. RSA uses a much more robust method of encryption, and the salt is much larger. I haven't heard of an RSA password cracking program that works as well as the old DES cracking ones which are now frighteningly efficient.

Here's a comparison:

Cypher  Password  Salt          Crypted
DES     forknob   Fk            FkM26CvyESMcI
RSA     forknob   $1$FkH.DxzR$  $1$FkH.DxzR$RA4AHFtog6v3RTO8Fa60c0

Generating eight letters of salt instead of two is really simple. As long as they are formatted correctly, and you don't accidentally interpolate the $'s, that is.

In reply to Re: What's the idea of different salts in crypt()? by tadman
in thread What's the idea of different salts in crypt()? by jeorgen
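The store-then-check cycle the post describes, as an added example (not code from the post above): a fresh salt is drawn from the 64-character crypt alphabet, the password is hashed with a two-character salt and with an eight-character "$1$" salt, and verification hands the whole stored string back to crypt() as its second argument. It assumes a libc (glibc or libxcrypt) whose crypt(3) supports both the traditional DES scheme and the "$1$" scheme; on platforms without "$1$" support the second hash will come back truncated or undefined.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not from the original post. Assumes crypt(3) supports
# traditional DES (2-char salt) and the "$1$" scheme (up to 8-char salt).

# The 64-character salt alphabet used by crypt(): ./0-9A-Za-z.
# Two characters give 64**2 = 4096 possible salts.
my @alphabet = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

sub make_salt {
    my ($len) = @_;
    return join '', map { $alphabet[int rand @alphabet] } 1 .. $len;
}

# Storing: hash with a fresh salt. The salt travels inside the result
# (first two chars for DES, "$1$salt$" for the "$1$" scheme).
sub store_des {
    my ($password) = @_;
    return crypt($password, make_salt(2));
}

sub store_dollar1 {
    my ($password) = @_;
    # Single quotes: '$1$' must not be interpolated as the variable $1.
    return crypt($password, '$1$' . make_salt(8) . '$');
}

# Checking: pass the whole stored hash as the "salt". crypt() reads only
# the salt portion and ignores the rest, so the output equals the stored
# string exactly when the guess is the real password.
sub check {
    my ($guess, $stored) = @_;
    return crypt($guess, $stored) eq $stored;
}

my $pw   = 'forknob';
my $des  = store_des($pw);
my $dol1 = store_dollar1($pw);
print "DES : $des\n";
print "\$1\$ : $dol1\n";

for my $guess ('forknob', 'forknoc') {
    printf "%-8s DES:%s \$1\$:%s\n", $guess,
        check($guess, $des)  ? 'ok' : 'no',
        check($guess, $dol1) ? 'ok' : 'no';
}

# Same password, new salt: a different hash, which is what stops a
# precomputed dictionary from matching every account at once.
my $again = store_des($pw);
print 'same password, fresh salt: ',
      ($again ne $des ? 'different hash' : 'same hash (salt collided)'), "\n";
```

Run it twice and the DES hashes differ each time while both checks still report "ok" for the right guess; with only 4096 DES salts a repeat salt, and thus an identical hash, will occasionally show up, which is exactly the weakness the post is describing.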