php – 使用crypt(),我的应用程序如何验证随机生成盐的密码？

我在PHP社区页面上找到了这个：

<?php
function md5crypt($password){
    // create a salt that ensures crypt creates an md5 hash
    $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
                    .'abcdefghijklmnopqrstuvwxyz0123456789+/';
    $salt='$1$';
    for($i=0; $i<9; $i++){
        $salt.=$base64_alphabet[rand(0,63)];
    }
    // return the crypt md5 password
    return crypt($password,$salt.'$');
}
?>

这样的事情与以下相比如何：

<?php
// Slightly modified example from PHP community page

$password = trim(mysql_prep($_POST['password']));

// Get the hash,letting the salt be automatically generated
$hashed_password = crypt($password);
?>

这是另一个question的摘录：

However,the PHP crypt() function can
use a variety of different hashes to
compute the hash. When you prefix your
salt with “$1$” you get a hash with an
MD5. When you prefix with $2$you get
a crypt with blowfish,which is more
secure.

The “$1$” is prefixed to the output so
that the hash can be verified. If it
wasn’t included,there would be no way
to know from the stored hash which
algorithm should be used! This
information would have to be stored
elsewhere. To save you this trouble
PHP includes the algorithm in the hash
output.

我的头脑有点关于哈希,加密和盐…但真正让我困惑的部分是如何比较用户输入的密码与盐渍哈希密码,如果盐是在用户创建时随机生成的.. .并且没有存储 – 并且最重要的是,如果您必须指定正确的前缀以便能够在用户返回时再次验证密码,那么将crypt()与自动盐一起使用的重点是什么？