Security warning about crypt default salt.

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@32309 c90b9560-bf6c-de11-be94-00142212c4b1
Ron Chmara 2000-09-09 02:48:21 +00:00
parent 6547025696
commit 656c4db979


@ -392,7 +392,7 @@ $new_string = chunk_split (base64_encode($data));
crypt function for more information.
</para>
<simpara>
If the salt argument is not provided, it will be randomly
If the salt argument is not provided, one will be randomly
generated by PHP.
</simpara>
<simpara>
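Review bot: The changed sentence "one will be randomly generated by PHP" reads as a fresh salt on every call, but the paragraph added further down in this patch says the salt is generated once. Consider qualifying the sentence here or pointing to that paragraph, so a reader who stops at this line does not assume per-call randomness.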
@ -402,13 +402,19 @@ $new_string = chunk_split (base64_encode($data));
by the salt argument. At install time, PHP determines the
capabilities of the crypt function and will accept salts for
other encryption types. If no salt is provided, PHP will
auto-generate a standard 2-character DES salt by default unless
the default encryption type on the system is MD5 in which case a
auto-generate a standard 2-character DES salt by default, unless
the default encryption type on the system is MD5, in which case a
random MD5-compatible salt is generated. PHP sets a constant
named CRYPT_SALT_LENGTH which tells you whether a regular
2-character salt applies to your system or the longer 12-char MD5
salt is applicable.
</simpara>
<simpara>
If you are using the supplied salt, you should be aware that the
salt is generated once. If you are calling this function
recursively, this may impact both appearance and, to a certain
extent, security.
</simpara>
<simpara>
The standard DES encryption <function>crypt</function> contains
the salt as the first two characters of the output.
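Review bot: In the added paragraph, "the supplied salt" is ambiguous: it can be read as a salt the caller supplies, while the warning concerns the one PHP auto-generates when the argument is omitted. Something like "the salt PHP generates for you" would remove the doubt. "Generated once" should also state its scope (per call, per script run, per process), "recursively" probably means "repeatedly", and "appearance and, to a certain extent, security" should name the concrete effect on the output, since a security warning that does not say what goes wrong gives the reader nothing to act on.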