Mysql slave state invalidating
Remember: there is only 32 bytes of actual output there, regardless of whether you represent it as hex or binary.
And since bcrypt can't take more than 56 bytes of input, you are clipping that down to the equivalent of 23 bytes. If you are currently using something else (say salted md5 or even just plain md5), you can migrate your passwords to scrpyt(current_hash()) without having to change everyone's password and/or wait for everyone to log in. An adversary who has the old hash, but not the plaintext that it represents cannot login because scrypt(H(H(value))) ! This is not considering the offline crackability of a compromised hash.
I think it's best to allow longer passwords for those who use long phrases.
It's easier to remember the full phrase than a truncated version.
That's not what a hack against 1Password, Last Pass, or similar product will look like.
On the flipside, isn't there a risk of moving too quickly?
Otherwise you're clipping your bcrypt input from "56 arbitrary bytes" down to "56 hexadecimal characters".
I haven't looked deeply at this, but using "key stretching" that clips your output characters to such a small space smells very suspect to me.
There's a certain culture of caution because there's something to be said for "if it aint broke, don't fix it." and even if something is broke, how certain are we that cool new encryption algorithm is better or safer?
You would probably want to use PBKDF2 as a key-stretching function rather than just naive SHA256.