This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in Python's Developer Guide.

classification
Title: crypt blowfish 'ignores' salt
Type: behavior
Stage:
Components: Library (Lib)
Versions: Python 2.6, Python 2.5
process
Status: closed
Resolution: not a bug
Dependencies:
Superseder:
Assigned To:
Nosy List: mark.dickinson, pvo
Priority: normal
Keywords:

Created on 2010-05-02 04:04 by pvo, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name     Uploaded               Description
crypt_blf.py  pvo, 2010-05-02 04:04  demo code for crypt blf
blf_crypt.c   pvo, 2010-05-03 00:57  blf crypt in C
Messages (7)
msg104768 - Author: pvo (pvo) Date: 2010-05-02 04:04
Blowfish crypt uses a 128 bit salt, not only the letters [./a-zA-Z0-9]. Despite the different salts, crypt ignores the salt and produces identical encrypted passwords.
The problem occurs on FreeBSD 7.2 with Python 2.5.5 (r255:77872) and Python 2.6.4 (r264:7570) (both from the ports).

python2.6 crypt_blf.py 
 salt: '$2a$05$)O\x0e9\xb7\xb0\xc9\xd6)v.\xd3\x03\xea!\xc1$'
$2a$05$t59ktwmm7.WpI...../5uuAazXv5nUvrWyN1EzMcL6/EQ0HrNyJwq
 salt: '$2a$05$\x1ak\x0c\xfbF\xf5\xdf\xb4\x99\xa6\x12\x81\x8d\xce\xea\x19$'
$2a$05$COgstwmm........../5uuu63L/Vi1a/9FQpklC2BKZ74ai8JM2ey
 salt: '$2a$05$\x80:\x14\xbb\xc3R\x95\xb9\xcb\xf0#\x04\xbf"\xf7\xe9$'
$2a$05$COgstwmm........../5uuu63L/Vi1a/9FQpklC2BKZ74ai8JM2ey
 salt: '$2a$05$i\x01 \x10\x13#\xe3\xdc\x80\x90[3\xd5@(\x96$'
$2a$05$COgstwmm........../5uuu63L/Vi1a/9FQpklC2BKZ74ai8JM2ey
 salt: '$2a$05$<\xa8CY\xa6\x018\xe7\x0b}\x92\xd3\xa1L1\xfb$'
$2a$05$COgstwmm........../5uuu63L/Vi1a/9FQpklC2BKZ74ai8JM2ey
msg104779 - Author: Mark Dickinson (mark.dickinson) * (Python committer) Date: 2010-05-02 10:06
I doubt this is a Python issue, since the crypt function does little more than wrap the system crypt function.

What does your man page for crypt say?  Are you sure you're providing a salt that the system crypt accepts?
msg104804 - Author: pvo (pvo) Date: 2010-05-02 21:27
FreeBSD's crypt(3) doesn't explain the 'salt' for Blowfish crypt exactly. OpenBSD's crypt(3) says: "The Blowfish version of crypt has 128 bits of salt in order to make building dictionaries of common passwords space consuming."

I wrote a few lines of C code. Copied the salts from the output above to it and crypt()ed "test". The result differs:
$2a$05$/Ae.aeamG.....O.../52uwMz3Q1WQSyWoWTy6zNndsrkAl2fnTn.

I hope I'll find some useful hints in the near future.
msg104808 - Author: Mark Dickinson (mark.dickinson) * (Python committer) Date: 2010-05-02 21:47
> FreeBSD's crypt(3) doesn't explain the 'salt' for Blowfish crypt exactly.

Reading:

http://www.freebsd.org/cgi/man.cgi?query=crypt&apropos=0&sektion=3&manpath=FreeBSD+7.2-RELEASE&format=html

and especially the section entitled "Modular crypt", it looks like your salt should take the form "$2$salt$ignored", where there are at most 8 characters of salt and the 'ignored' bit is ignored.

So your $2a$ looks wrong to me:  shouldn't it be $2$?  And after that, in the examples that you give, the only used portion of the salt is "05", which is the same in all the examples, so I'd expect to get the same output in each case.

I can't see any way that Python could be contributing to this:  if you look at the implementation (in Modules/cryptmodule.c), you'll see that the crypt function (called crypt_crypt in the source) really is a trivial wrapper around the system function;  there's no pre- or post-processing of arguments.

Can you attach the C code that's giving the different results?
msg104809 - Author: pvo (pvo) Date: 2010-05-03 00:57
$2a$12$saltysalt$ignored
 ^  ^  ^         ^
 |  |  |          \_ignored
 |  |  \_the salt
 |  \_number of rounds (04-31)
 \_ crypt id
 
About the crypt id:
I read too much Blowfish crypt related stuff in the last two days. I can't remember exactly the difference between the IDs '2' and '2a'. The /etc/master.passwd on my OpenBSD contains encrypted passwords with the '2a' ID.

The C code is attached.
msg104828 - Author: pvo (pvo) Date: 2010-05-03 09:10
OpenBSD's crypt(3) mentions some bcrypt*() functions. One of these functions is "char * bcrypt_gensalt(u_int8_t log_rounds)". It produces salts like: $2a$04$7.zkQ.HPURlplcFTWgDL3u or $2a$04$l2SuIEWPqF4D3uMTABgBYO

Passing these salts to Python's crypt.crypt on FreeBSD works perfectly.

Sorry for the noise.
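Added example, not part of this issue and not CPython or OpenBSD code: a pure-Python stand-in for the bcrypt_gensalt() salt layout that the thread settled on, plus a format check that rejects the raw-byte salts from the first message the same way the C program did. The function names (gensalt, is_valid_bcrypt_salt, canonical_salt, embedded_salt) and the `raw` test hook are my own; the alphabet and the 3-bytes-to-4-characters layout are those of OpenBSD's encode_base64(). It deliberately accepts only the "$2a$" prefix seen on this page, and it does not call crypt.crypt(), because whether "$2a$" works at all depends on the platform libcrypt, not on Python.

```python
import os
import re
from typing import Optional

# bcrypt's own base64 alphabet, as used by OpenBSD's encode_base64(): '.' and
# '/' first, then A-Z, a-z, 0-9, with no padding. It is NOT RFC 4648 base64.
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

# "$2a$" + two-digit cost + "$" + 22 salt characters (128 bits plus 4 spare bits).
# A full bcrypt hash is this 29-character prefix followed by 31 more characters.
_SALT_RE = re.compile(r"^\$2a\$(\d{2})\$([./A-Za-z0-9]{22})")


def bcrypt_b64encode(data: bytes) -> str:
    """Encode bytes three at a time into four alphabet characters, no padding."""
    out = []
    i, n = 0, len(data)
    while i < n:
        c1 = data[i]
        i += 1
        out.append(BCRYPT_B64[c1 >> 2])
        c1 = (c1 & 0x03) << 4
        if i >= n:                      # one byte left over -> two characters
            out.append(BCRYPT_B64[c1])
            break
        c2 = data[i]
        i += 1
        out.append(BCRYPT_B64[c1 | (c2 >> 4)])
        c1 = (c2 & 0x0F) << 2
        if i >= n:                      # two bytes left over -> three characters
            out.append(BCRYPT_B64[c1])
            break
        c2 = data[i]
        i += 1
        out.append(BCRYPT_B64[c1 | (c2 >> 6)])
        out.append(BCRYPT_B64[c2 & 0x3F])
    return "".join(out)


def bcrypt_b64decode(text: str, nbytes: int) -> bytes:
    """Inverse of bcrypt_b64encode. Stops after nbytes, so for a 22-character
    salt the low 4 bits of the last character are discarded, as bcrypt does."""
    vals = [BCRYPT_B64.index(ch) for ch in text]   # ValueError on a bad character
    out = bytearray()
    i = 0
    while len(out) < nbytes and i + 1 < len(vals):
        c1, c2 = vals[i], vals[i + 1]
        out.append(((c1 << 2) | (c2 >> 4)) & 0xFF)
        if len(out) >= nbytes or i + 2 >= len(vals):
            break
        c3 = vals[i + 2]
        out.append((((c2 & 0x0F) << 4) | (c3 >> 2)) & 0xFF)
        if len(out) >= nbytes or i + 3 >= len(vals):
            break
        c4 = vals[i + 3]
        out.append((((c3 & 0x03) << 6) | c4) & 0xFF)
        i += 4
    return bytes(out)


def gensalt(log_rounds: int = 12, raw: Optional[bytes] = None) -> str:
    """Stand-in for bcrypt_gensalt(3): '$2a$NN$' + 22 characters.
    `raw` is a hypothetical test hook for the 16 salt bytes; leave it None in
    real code so the bytes come from os.urandom()."""
    if not 4 <= log_rounds <= 31:
        raise ValueError("bcrypt cost must be in 04..31")
    if raw is None:
        raw = os.urandom(16)
    if len(raw) != 16:
        raise ValueError("bcrypt salt is exactly 128 bits")
    return "$2a$%02d$%s" % (log_rounds, bcrypt_b64encode(raw))


def is_valid_bcrypt_salt(salt: str) -> bool:
    """True only for a salt string crypt(3) can decode. The raw 16 random bytes
    from the first message of this issue fail here, as they failed in C."""
    m = _SALT_RE.match(salt)
    return m is not None and 4 <= int(m.group(1)) <= 31


def canonical_salt(salt: str) -> str:
    """Decode and re-encode the 22 salt characters. This is what a hash echoes
    back; it differs from the input only when the last character carries bits
    bcrypt ignores, which is why generated salts end in '.', 'O', 'e' or 'u'."""
    m = _SALT_RE.match(salt)
    if m is None:
        raise ValueError("not a $2a$ bcrypt salt")
    raw = bcrypt_b64decode(m.group(2), 16)
    return "$2a$%s$%s" % (m.group(1), bcrypt_b64encode(raw))


def embedded_salt(hashed: str) -> str:
    """Return the salt a 60-character bcrypt hash carries in its first 29 characters."""
    if len(hashed) != 60 or _SALT_RE.match(hashed) is None:
        raise ValueError("not a bcrypt hash")
    return hashed[:29]
```

A practical check when a hash "ignores" the salt: compare embedded_salt() of the returned strings. The first 29 characters of a bcrypt hash are the salt the library actually decoded, so two hashes that carry the same 22 salt characters were computed with the same salt no matter what was passed in. In the first message the four identical hashes all carry "COgstwmm........../5uu", i.e. the same handful of bytes survived from four different raw-byte salts.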
msg104829 - Author: Mark Dickinson (mark.dickinson) * (Python committer) Date: 2010-05-03 09:18
Okay, thanks for the update!

Looks like the FreeBSD crypt manpage could use some work...
History
Date                 User            Action  Args
2022-04-11 14:57:00  admin           set     github: 52842
2010-05-03 09:18:06  mark.dickinson  set     messages: + msg104829
2010-05-03 09:10:56  pvo             set     messages: + msg104828
2010-05-03 00:57:43  pvo             set     files: + blf_crypt.c; messages: + msg104809
2010-05-02 21:47:01  mark.dickinson  set     status: open -> closed; messages: + msg104808
2010-05-02 21:27:06  pvo             set     status: pending -> open; messages: + msg104804
2010-05-02 10:15:24  mark.dickinson  set     status: open -> pending; resolution: not a bug
2010-05-02 10:06:10  mark.dickinson  set     nosy: + mark.dickinson; messages: + msg104779
2010-05-02 04:04:09  pvo             create