So the solution to this was to have a null return raise whatever errno provides (in the case of these tests EINVAL). This seems like the most logical way to handle errors in crypt to me. MRI if it detects non-ascii salts it uses first two bytes of whatever the salt is and the or's them to make sure they fit into ascii space. Then they use that? I don't understand the reasoning behind this but I highly doubt anyone is depending on this behavior because it only works for crypt with DES which increasingly is not used by anyone. I would also be a little disturbed if I was using DES and provided a salt and then saw that the salt was not preserved in the generated crypt string.