The straight implementation of bcrypt only uses the first 72 characters of a passphrase. Whilst this is sufficient for most needs, it would also make sense to pre-hash with SHA-2 to use the full passphrase, and make this the default option. (The straight bcrypt option would remain available for compatibility with other implementations.)
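An added example, not code from the project discussed here: it models the 72-byte input limit described above and shows a pre-hash whose output still fits under that limit. The choice of SHA-256 with base64 encoding, the NUL-termination behaviour, and all function names are assumptions made for illustration; the result of `prehash` is what would be handed to a bcrypt library.

```python
import base64
import hashlib

BCRYPT_MAX_INPUT = 72  # bytes of input that straight bcrypt actually uses


def bcrypt_effective_input(secret: bytes) -> bytes:
    """Model of what a straight bcrypt call consumes. Assumption: the target
    library treats input as a C string (stops at the first NUL byte), as many
    implementations do, and then cuts it to 72 bytes."""
    nul = secret.find(b"\x00")
    if nul != -1:
        secret = secret[:nul]
    return secret[:BCRYPT_MAX_INPUT]


def prehash(passphrase: str) -> bytes:
    """SHA-256 over the whole passphrase, base64-encoded so the result is
    44 bytes, NUL-free, and entirely within the 72-byte limit."""
    digest = hashlib.sha256(passphrase.encode("utf-8")).digest()
    return base64.b64encode(digest)


def lossy_prehashes(passphrase: str) -> dict:
    """Pre-hash encodings that lose input again once bcrypt consumes them."""
    data = passphrase.encode("utf-8")
    return {
        # 128 hex characters: bcrypt would only use the first 72
        "sha512_hex": hashlib.sha512(data).hexdigest().encode("ascii"),
        # raw digest: can contain a NUL byte that ends the input early
        "sha256_raw": hashlib.sha256(data).digest(),
    }


# Constructed sample input: two passphrases that differ only after byte 72.
PREFIX = "x" * 72
PASS_A = PREFIX + "-alpha"
PASS_B = PREFIX + "-bravo"

if __name__ == "__main__":
    same = bcrypt_effective_input(PASS_A.encode()) == bcrypt_effective_input(PASS_B.encode())
    print("straight bcrypt sees identical input:", same)
    print("pre-hashed inputs differ:", prehash(PASS_A) != prehash(PASS_B))
    for name, value in lossy_prehashes(PASS_A).items():
        print(name, "bytes:", len(value), "used:", len(bcrypt_effective_input(value)))
```

Hashes stored with the pre-hash step are not interchangeable with straight bcrypt hashes, so the stored record needs a marker saying which mode produced it.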