diff --git a/lib/Cake/Test/Case/Utility/SecurityTest.php b/lib/Cake/Test/Case/Utility/SecurityTest.php
index e7ddced30..153d1ad57 100644
--- a/lib/Cake/Test/Case/Utility/SecurityTest.php
+++ b/lib/Cake/Test/Case/Utility/SecurityTest.php
@@ -1,9 +1,5 @@
 <?php
 /**
- * SecurityTest file
- *
- * PHP 5
- *
  * CakePHP(tm) Tests <http://book.cakephp.org/2.0/en/development/testing.html>
  * Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
  *
@@ -12,7 +8,6 @@
  *
  * @copyright     Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
  * @link          http://book.cakephp.org/2.0/en/development/testing.html CakePHP(tm) Tests
- * @package       Cake.Test.Case.Utility
  * @since         CakePHP(tm) v 1.2.0.5432
  * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
  */
diff --git a/lib/Cake/Utility/Security.php b/lib/Cake/Utility/Security.php
index c9f41008d..7f84c9687 100644
--- a/lib/Cake/Utility/Security.php
+++ b/lib/Cake/Utility/Security.php
@@ -235,7 +235,7 @@ class Security {
 	protected static function _crypt($password, $type = null, $salt = false) {
 		$options = array(
 			'saltFormat' => array(
-				'blowfish' => '$2a$%s$%s',
+				'blowfish' => '$2a$%02d$%s',
 			),
 			'saltLength' => array(
 				'blowfish' => 22,
@@ -264,14 +264,11 @@ class Security {
 				), E_USER_WARNING);
 				return '';
 			}
-			$vspArgs = array();
 			$salt = self::salt($saltLength[$hashType]);
-			if ($hashType === 'blowfish') {
-				$bfCost = chr(ord('0') + $cost / 10);
-				$bfCost .= chr(ord('0') + $cost % 10);
-				$vspArgs[] = $bfCost;
-			}
-			$vspArgs[] = $salt;
+			$vspArgs = array(
+				$cost,
+				$salt,
+			);
 			$salt = vsprintf($saltFormat[$hashType], $vspArgs);
 		} elseif ($salt === true || strpos($salt, '$2a$') !== 0 || strlen($salt) < 29) {
 			trigger_error(__d(