in reply to
This is consistent with how the crypt man page describes its workings. I'm quoting from a RH6.2 system here:
"The returned value points to the encrypted password, a series of 13 printable ASCII characters (the first two characters represent the salt itself)."
This is also what the perl crypt docs imply as well. You can see in the sample code that the first two chars are extracted from the stored password to get the salt value. This is how crypt() has worked for a very long time.
Negaterd character class uber alles!