Database schemas not big enough for some passwords
esigler
In moving from one server to another (with a MySQL MT backend on both machines), one of the problems I ran across was that crypt used MD5 on the old machine and Blowfish on the new machine. Even with a default mt-load, things weren't working. It turns out all the database schemas have varchar(40) for the password length, and Blowfish passwords can be quite a bit bigger.

"Nelson" encrypts to $2a$04$q....EC.../6....Pu....BWCytFBLNDBJ8Evwjn9dp5rWX5PASBq, while all the database records (with defaults) is $2a$04$q....EC.../6....Pu....BWCytFBLNDB.

I'd suggest upping the varchar size in the schema. 60 should do for Blowfish passwords.
stepan
Increasing the column size for passwords is not a bad idea. But are you sure that the new server is using Blowfish for crypt? That sounds a bit, er, fishy. The crypt function is intended as a one-way function (i.e. you can't derive the clear password from the encrypted password) and Blowfish is a two-way cypher.

May I ask how you're going to deal with migrating the passwords from one host to the other? SQL dump won't work if the new host uses a different encryption scheme, right? Or is crypt backward compatible?
esigler
Yup, Blowfish is indeed able to be used as a one-way crypt. FreeBSD 5.1 crypt man page. However, according to this slightly older man page, 60 may not be enough, it may need to be 72. But that manpage is from OpenBSD.

Basically I didn't migrate passwords. I did an initial load to get the "Nelson" password in Blowfish form, then dropped the database and added the "$2..." to the user fields (only a handful) in the SQL file from the old server. Worked like a charm.
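
Added example, not part of the thread and not Movable Type code: a small audit that flags stored crypt hashes a too-narrow column has cut off, run here over the two "Nelson" strings quoted above. The function names, row labels and the MD5-crypt sample are constructed, and the 60-character bcrypt layout is an assumption taken from the full hash in the first post.

```python
import re

# Complete-hash patterns for crypt(3) output. Assumed bcrypt layout, from the
# thread's full hash: 7-char "$2a$NN$" prefix + 22 salt + 31 digest = 60.
SCHEMES = {
    "bcrypt": (re.compile(r"\$2[abxy]?\$\d{2}\$[./A-Za-z0-9]{53}"), 60),
    "md5-crypt": (re.compile(r"\$1\$[^$]{0,8}\$[./A-Za-z0-9]{22}"), 34),
    "des-crypt": (re.compile(r"[./A-Za-z0-9]{13}"), 13),
}

def scheme_of(stored):
    """Guess the scheme from the prefix; anything unprefixed is treated as DES."""
    if stored.startswith("$2"):
        return "bcrypt"
    if stored.startswith("$1$"):
        return "md5-crypt"
    return "des-crypt"

def is_complete(stored):
    """True only if the string is a whole hash for its scheme."""
    pattern, _ = SCHEMES[scheme_of(stored)]
    return pattern.fullmatch(stored) is not None

def audit(rows, column_width):
    """Return (user, scheme, reason) for every hash that can never verify."""
    findings = []
    for user, stored in rows:
        if is_complete(stored):
            continue
        scheme = scheme_of(stored)
        max_len = SCHEMES[scheme][1]
        if len(stored) == column_width and column_width < max_len:
            reason = f"cut off at column width {column_width}, needs {max_len}"
        else:
            reason = "malformed"
        findings.append((user, scheme, reason))
    return findings

# The two strings from the thread, plus one constructed MD5-crypt value.
FULL = "$2a$04$q....EC.../6....Pu....BWCytFBLNDBJ8Evwjn9dp5rWX5PASBq"
ROWS = [
    ("new-server-row", FULL[:40]),  # what a varchar(40) column kept
    ("expected", FULL),
    ("constructed-md5", "$1$abcdefgh$" + "A" * 22),
]

if __name__ == "__main__":
    print(audit(ROWS, column_width=40))
```

A truncated hash fails silently at login time rather than at insert time, so running a check like this after a schema or crypt-backend change catches the problem before users do.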