Hello, so according to this, the current prefix in IPS source is $2a$ which presents slight security risk, but as of PHP 5.3.7, documentation states that $2y$ should be used in preference to $2a$.

I know that backward compatibility is important (websites below PHP 5.3.7) but I think there should be an option to use different blowfish prefix. I would like to switch to $2y$ prefix because a module I'm using to bridge IPS to server only supports aforementioned prefix.

Bump - I would really like the option to switch prefix be implemented. Is there any way to use hooks? To change prefix after they login (and use $2y$ for registration)?

Any feedback on this from developers would be very appreciated.

We will be changing this in an upcoming version. Your code will likely work fine as the two prefixes only produce different results for password which contain characters with the 8th bit set.