in reply to Re: sanitize user input for system() call
in thread sanitize user input for system() call

oiskuu - yeah, I saw that. However, looking at the Crypt_(C) Wikipedia page, "2a" is ambiguous. I felt dirty swapping in 2y when I'm really creating a 2a variant. I decided on explicitly calling htpasswd, which uses the non-ambiguous, safe 2y.

Response to updates - Wowza! You really went the extra mile on analyzing the Crypt::Eksblowfish::Bcrypt implementation - thank you! That's totally cool. I'll strongly consider removing the capturex() call given all your research. Thanks again!