  • SHA-512 passwords before passing to bcrypt for key derivation · 87cf33b8
    Alex Vandiver authored
    The bcrypt key derivation function only uses the first 72 bytes of the
    input; when used directly on a password, this effectively limits
    password length to 72 characters.
    
    Allow for arbitrarily long passwords by hashing the password using
    SHA-512 (which produces 512 bits, or 64 bytes, of output) before passing
    it to bcrypt.
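The effect described in the commit message, as an added example that is not code from this commit or its project: bcrypt's 72-byte input limit is modelled here as a plain slice (an assumption standing in for a real bcrypt call), and the function names and sample passwords are constructed for illustration.

```python
import hashlib

BCRYPT_MAX_INPUT = 72  # bytes of input bcrypt uses, per the commit message


def bcrypt_effective_input(data: bytes) -> bytes:
    """Model (assumption): the part of `data` that bcrypt would actually use."""
    return data[:BCRYPT_MAX_INPUT]


def direct_input(password: str) -> bytes:
    """Password handed to bcrypt as-is (behaviour before the change)."""
    return bcrypt_effective_input(password.encode("utf-8"))


def prehashed_input(password: str) -> bytes:
    """Password reduced to a raw SHA-512 digest first (behaviour after the change)."""
    digest = hashlib.sha512(password.encode("utf-8")).digest()  # always 64 bytes
    return bcrypt_effective_input(digest)


def is_truncated(password: str) -> bool:
    """True if bcrypt, used directly, would ignore part of this password."""
    return len(password.encode("utf-8")) > BCRYPT_MAX_INPUT


def same_key(a: str, b: str, derive) -> bool:
    """True if both passwords give bcrypt identical input under `derive`."""
    return derive(a) == derive(b)


# Constructed sample passwords: a shared 87-byte prefix with different endings.
PREFIX = "correct horse battery staple " * 3
PW_A = PREFIX + "alpha"
PW_B = PREFIX + "bravo"
# The limit counts encoded bytes: 40 accented characters are 80 UTF-8 bytes.
PW_ACCENTED = "\u00e9" * 40

if __name__ == "__main__":
    print("direct, same bcrypt input:   ", same_key(PW_A, PW_B, direct_input))
    print("prehashed, same bcrypt input:", same_key(PW_A, PW_B, prehashed_input))
    print("prehashed input length:      ", len(prehashed_input(PW_A)))
    print("40-char accented truncated:  ", is_truncated(PW_ACCENTED))
```

Stored hashes created without the pre-hash step do not verify against pre-hashed input, so a deployment making this change needs a way to tell the two formats apart.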