Sometimes bcrypt()
returns a hash it cannot validate with the same passphrase.
So the following code fails:
bcrypt_check($pass, bcrypt($pass, "2b", 4, urandom(16)))
I've seen this happen in CI runners, and started to dig a bit deeper. Usually after ~10 invocations of bcrypt() or so from process startup.