It's worth pointing out that your code assumes the old DES-based crypt algorithm, which is highly crackable with modern hardware. A lot of systems are switching to MD5 crypt (which uses special salts that start with "$1$") or eksblowfish ("$2x$"). You might experiment with your particular crypt function and see if it accepts salts of this form.
> perl -e 'print crypt("foo",q[$1$bar$]), "\n"'
$1$bar$gJTJurciWk9pIaPpodyiw.
> perl -e 'print crypt("foo",q[$2x$bar$]), "\n"'
$2zJyhpjk3l9E
The output above is from a slackware system. It recognized "$1$bar$" as an MD5 salt, and kept the entire string in its output. However, it interpreted "$2x$bar$" as an old-style DES salt, and only kept the first two characters. If your system accepts both MD5 and DES crypted passwords (like mine), you want to make sure you're using MD5 -- John cracks DES 30 times faster than MD5 on my machine.
Here's a trick I've seen for generating salts. What do you think?
$des_salt = substr(crypt(rand(), "aa"), -3, 2);
$md5_salt = '$1$' . substr(crypt(rand().rand(), '$1$aaaaaaaa$'), -9, 8
+) . '$';
This way, you don't need to include the details about crypt's output character set in your code. Why rand().rand()? Some rand implementations have a 32-bit internal state but only output 16 bits of randomness per call. (Notably, Solaris libc and whatever ActiveState for Win32 is built against both do this.)
Update: Tweak, tweak. Turns out the last byte of the crypted pass doesn't hold a full 6 bits of information, so avoid it. This doesn't make much difference with MD5 (since rand is never going to give you 48 bits of real information anyway), but it's a big hit against a DES-based salt. | 