I'm not an OpenBSD fan, Marsh. I'm close to the opposite. And I'm calling BS on this. I'm sure the OpenBSD people aren't nice to you, but it's probably not because you found flaws in OpenBSD code. I wasn't being flippant; the only thing Theo ever fucked with me over was not finding enough bugs.
As for the last part of your comment, we appear to be searching for reasons to disagree with each other, when in fact we agree that this finding has no impact on the security of bcrypt. Let's not find artificial reasons to disagree.
Yeah I've been off and on the OpenBSD lists a few times over the years and have said both really dumb stuff and insightful stuff. I'm not so much referring to any specific instance, just saying their reputation for being cranky and unwelcoming is well deserved.
I was wrong about bcrypt being a 192-bit narrow-pipe hash. While some parts of it are, reading the paper again the real work happens in the key expansion function having an internal state size of 33344 bits.
As for the last part of your comment, we appear to be searching for reasons to disagree with each other, when in fact we agree that this finding has no impact on the security of bcrypt. Let's not find artificial reasons to disagree.