I replaced Digest::MD5 with Digest::SHA1 which is probably a better choice for passwords anyhow. The problem went away. There must be a bug in Digest::MD5...