Password-hashing function (not a general hashing function). Takes fixed-size input and produces fixed-size output; most implementations silently truncate passwords to 72 bytes and stop at the first null byte (C-string semantics), repeating shorter strings to fill the 72 bytes. The common Ruby binding refuses null bytes in passwords. These behaviors make bcrypt dangerous when combined with Devise's default 128-char password length and an appended pepper: '72 A's' and '72 A's + something' produce the same hash, enabling pepper leakage.
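
The truncation and pepper interaction described above, as an added Ruby example (not code from the original page, from Devise or from the bcrypt gem). It models only the input handling and does not run bcrypt; the helper names, the constructed pepper value and the HMAC pre-hash shown as one common mitigation are assumptions.

```ruby
require "openssl"

BCRYPT_MAX = 72                      # bytes of input that reach the hash
PEPPER = "constructed-pepper-value"  # constructed sample, not a real secret

# Bytes that actually influence the hash: cut at the first NUL byte
# (C-string semantics), then keep at most 72 bytes.
def effective_key(input)
  bytes = input.b
  nul = bytes.index("\0".b)
  bytes = bytes[0, nul] if nul
  bytes[0, BCRYPT_MAX]
end

# Devise-style construction: the pepper is appended to the password.
def peppered(password, pepper = PEPPER)
  "#{password}#{pepper}"
end

# How many pepper bytes survive truncation for a given password.
def pepper_bytes_hashed(password, pepper = PEPPER)
  kept = effective_key(peppered(password, pepper)).bytesize
  [kept - password.bytesize, 0].max
end

# Assumed mitigation: HMAC-SHA256 keyed with the pepper, Base64-encoded so
# the value handed to bcrypt is 44 bytes, NUL-free and under the limit.
def prehashed(password, pepper = PEPPER)
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA256"), pepper, password)
  [mac].pack("m0")
end

# Audit view: pepper coverage per password length, weak vs. pre-hashed.
[8, 60, 71, 72, 128].each do |len|
  pw = "A" * len
  puts format("len=%3d  pepper bytes hashed=%2d  prehash bytes kept=%d",
              len, pepper_bytes_hashed(pw), effective_key(prehashed(pw)).bytesize)
end
```

With the appended pepper, any password of 72 bytes or more is hashed with zero pepper bytes; the pre-hashed form keeps every password and pepper byte relevant.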