Primarily an issue with php 7.0.0 - 7.1.0RC3 and hhvm, where the result of JUserHelper::getCryptedPassword() could be `*0` and/or `Deprecated: crypt(): Supplied salt is not valid for DES`, indicating a failure when the salt is malformed or too short.
Use the following:

```php
$encryption = 'crypt-blowfish';
$plaintext = 'mySuperSecretPassword';
$salt = '';
$newSalt = JUserHelper::getSalt($encryption, $salt, $plaintext);
```
The salt for crypt-blowfish should be correctly formed as per the php manual crypt() instructions. The expected size is at least 30 characters in the form:

| prefix | cost parameter (a base-2 logarithm of the hashing iteration count) | string |
|---|---|---|
| `$2y$` | `[04-31]` | `$` followed by 22 characters from the alphabet `[./0-9A-Za-z]` |

For example, a complete salt should look like `'$2a$07$usesomesillystringforsalt$'`.
The salt generated for crypt-blowfish is only 16 characters in length and is missing necessary information.

Mock examples with failures of a mocked version of JUserHelper::getCryptedPassword(): https://3v4l.org/Is24j

Primarily an issue with php 7.0.0 - 7.1.0RC3 and hhvm; php less than 5.6 seems to not have an issue with 16 char salts.

Salt generated at these lines: https://github.com/joomla/joomla-cms/blob/staging/libraries/joomla/user/helper.php#L569-L578
We also need to adjust the unit test JUserHelperTest::testGetCryptedPassword to expect 60 characters rather than 13 characters.

There may be BC issues for anything previously stored with the old method.
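An added example, not code from the report or from Joomla, showing how a crypt-blowfish salt of the layout described above can be built and checked before it is handed to crypt(). The 16-character `$shortSalt` is a constructed stand-in for the too-short salt the report describes; `makeBlowfishSalt`, `isValidBlowfishSalt` and `hashWithSalt` are hypothetical helper names.

```php
<?php
// Added example (not Joomla code): build and validate a crypt-blowfish salt
// as laid out in the php manual, and show why a bare 16-character salt fails.

// Cost is the base-2 logarithm of the iteration count; crypt() accepts 04..31.
function makeBlowfishSalt(int $cost = 10): string
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 04 and 31');
    }
    // 16 random bytes give 24 base64 characters; bcrypt's alphabet uses '.'
    // instead of '+', and only the first 22 characters are used.
    $random = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);

    return sprintf('$2y$%02d$%s', $cost, $random);
}

// True when the salt matches the layout from the manual: a $2a$/$2b$/$2y$
// prefix, a two-digit cost 04-31, '$', then 22 characters from [./0-9A-Za-z].
function isValidBlowfishSalt(string $salt): bool
{
    return (bool) preg_match('/^\$2[aby]\$(0[4-9]|[12][0-9]|3[01])\$[.\/0-9A-Za-z]{22}$/', $salt);
}

// Hash $plaintext with $salt and report whether crypt() produced a real hash.
// crypt() signals a bad salt with a result shorter than 13 characters (e.g. "*0").
function hashWithSalt(string $plaintext, string $salt): array
{
    $hash = crypt($plaintext, $salt);

    return ['hash' => $hash, 'ok' => strlen($hash) >= 13];
}

$plaintext = 'mySuperSecretPassword';

// Constructed stand-in for the 16-character salt the report describes.
$shortSalt = 'abcdefghijklmnop';
var_dump(isValidBlowfishSalt($shortSalt));

// A well-formed salt passes the check and yields a 60-character bcrypt hash.
$goodSalt = makeBlowfishSalt(7);
var_dump(isValidBlowfishSalt($goodSalt));
var_dump(hashWithSalt($plaintext, $goodSalt));
```

Rejecting a salt that fails `isValidBlowfishSalt` before calling crypt() avoids storing the `*0` failure value as if it were a password hash.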
| Field | Old | | New |
|---|---|---|---|
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-10-17 16:29:10 |
| Closed_By | | ⇒ | photodude |
closing the issue since I opened a PR