Crypt()

The following sentences in at.php.net/manual/en/function.crypt.php can lead to misunderstandings:

"If the salt argument is not provided, one will be randomly generated by PHP each time you call this function."
Comment: false for DES, true for MD5
...
"If you are using the supplied salt, you should be aware that the salt is generated once. If you are calling this function repeatedly, this may impact both appearance and security."
Comment: true for DES, false for MD5

Two sentences nearby, and they are telling incompatible stories. At least I was confused for quite some time.
My analysis after some tests:

If the parameter 'salt' is omitted, there are two possibilities:
  • If the default encryption is Standard DES, a static salt is provided. If you call crypt() with the same password again, the salt and the hash are the same. Effectively, there is no salt functionality. (untested)
  • If the default encryption is crypt MD5, a random salt is always added, and multiple calls of crypt() with the same password produce different salts and hashes. I have tested this to be true.

Experiment (PHP version: 4.4.0 SuSE 10 and PHP version: 5.1.2 SuSE 11):

<?php
// Same password three times, no salt argument: crypt() picks the salt itself.
echo 'result: ' . crypt('somepassword') . "\n";
echo 'result: ' . crypt('somepassword') . "\n";
echo 'result: ' . crypt('somepassword') . "\n";
?>

result: $1$K2D8DGwq$b05uO37aMwO4rnDlB9Rsi1
result: $1$aPBvu2y.$213YVEs8/5m.jMCXSScly/
result: $1$dW3Xu2p6$nuCtJe2zzlgBMLxN2oZCx/
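
Each result above carries its own salt in the form `$1$<salt>$<digest>`, which is why the three outputs differ and why a stored value can still be checked later. The following PHP example is added here and is not code from the original article; the function names `parse_mcf`, `md5crypt_hash` and `verify_crypt` and the password 'constructed-password' are assumptions, and the salt is built explicitly with `random_int()` (PHP 7 or later) because PHP 8 no longer accepts crypt() without a salt.

```php
<?php
// Added example; function names and the sample password are constructed.

// Split an MD5-crypt string "$1$<salt>$<digest>" into its fields.
function parse_mcf(string $hash): ?array
{
    $re = '/^\$1\$([.\/0-9A-Za-z]{1,8})\$([.\/0-9A-Za-z]{22})$/D';
    if (!preg_match($re, $hash, $m)) {
        return null; // e.g. a 13-character Standard DES result
    }
    return ['salt' => $m[1], 'digest' => $m[2]];
}

// Hash with a fresh random 8-character salt, as the article observed for MD5.
function md5crypt_hash(string $password): string
{
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = '';
    for ($i = 0; $i < 8; $i++) {
        $salt .= $alphabet[random_int(0, 63)];
    }
    return crypt($password, '$1$' . $salt . '$');
}

// Verify: crypt() reads the scheme id and salt back out of the stored string.
function verify_crypt(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

// The three results printed in the article: one password, three salts.
$article = [
    '$1$K2D8DGwq$b05uO37aMwO4rnDlB9Rsi1',
    '$1$aPBvu2y.$213YVEs8/5m.jMCXSScly/',
    '$1$dW3Xu2p6$nuCtJe2zzlgBMLxN2oZCx/',
];
foreach ($article as $h) {
    $f = parse_mcf($h);
    echo "salt={$f['salt']}  digest={$f['digest']}\n";
}

$a = md5crypt_hash('constructed-password');
$b = md5crypt_hash('constructed-password');
var_dump($a === $b);                                        // two hashes compared
var_dump(parse_mcf($a)['salt'] !== parse_mcf($b)['salt']);  // their salts compared
var_dump(verify_crypt('constructed-password', $a));         // correct password
var_dump(verify_crypt('wrong-password', $a));               // wrong password
```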


I hope I can prevent some headaches.
Marcus Kabele, 20.1.2007