>>	s = salt;	/* or s = hmac_sha512(site-specific-string, salt); */
>>	for (i = 0; i < num_iterations; i++)
>>		s = hmac_sha512(password, s);
>	hmm.  i see.  we should implement $2$ as openbsd does (there's no need
>	to be different), and the above algorithm can become $3$.

	minor correction - openbsd uses $2a$.  $2$ was used in the past but
	found to be buggy (if i understand correctly)

itojun