I have a #PHP 8.0 project where comparing legacy hashed passwords suddenly stopped working.
I think it's because older accounts are using blowfish ($2a$) and a salt of 21 characters but whatever it was falling back to stopped working because it wants a 22 character salt.
My client now has users with passwords I'm not sure how to validate because I can't replicate the hash.
I guess my next step is to just regenerate & email new passwords. But I don't like it.
