A 12-bit salt is used to perturb the DES algorithm, so that the same password plaintext can produce 4,096 possible password encryptions. A modification to the DES algorithm, swapping bits i and i+24 in the DES E-Box output when bit i is set in the salt, achieves this while also making DES encryption hardware useless for password guessing.
The 64-bit constant ``'' is encrypted 25 times with the DES key. The final output is the 12-bit salt concatenated with the encrypted 64-bit value. The resulting 76-bit value is recoded into 13 printable ASCII characters.
At the time traditional crypt was conceived, it was fast enough for authentication but too costly for password guessing to be practical. Today, we are aware that it exhibits three serious limitations: the restricted password space, the small salt space, and the constant execution cost. In contrast, bcrypt allows for longer passwords, has salts large enough to be unique over all time, and has adaptable cost. These limitiations therefore do not apply to bcrypt.