Invalid handling of pwds longer than 72 chars with Blowfish

Blowfish ignore characters after the 72nd which can cause some issues.

Actual (invalid) behavior:

```
> hashy <72 'x'>
<hashed password>
> hashy <72 'x' + anything> <hashed password>
ok
```

Expected behavior:

```
> hashy <72 'x' + anything> <hashed password>
not ok
```
- [Same issue in PHP](https://wiki.php.net/rfc/password_hash_spec)
