/etc/shadow (crypt shadow files at least) store 13 chars because the salt that is ues is stored as well as the encrypted password. May I suggest using MD5 digests for the passwords you are storing -- they have two advantages, first they allow long passwords, second crypt has some parts to it that make it easy to brute force (if not completely break it depending on its implementation).
For an example on the /etc/shadow files you may think of it this way:
Get actual cripted password salt from shadow:
$salt = substr($password_string_from_shadow, 0, 2);
$newpass = $salt . crypt($string_i_think_is_password,$salt);
$newpass is now a string you can push back to password file...
-Waswas |