diff --git a/Crypto/Cipher/Blowfish/Primitive.hs b/Crypto/Cipher/Blowfish/Primitive.hs
index 3fc4823..6fcd388 100644
--- a/Crypto/Cipher/Blowfish/Primitive.hs
+++ b/Crypto/Cipher/Blowfish/Primitive.hs
@@ -79,7 +79,9 @@ initBlowfish key
 -- Cost must be between 4 and 31 inclusive
 -- See <https://www.usenix.org/conference/1999-usenix-annual-technical-conference/future-adaptable-password-scheme>
 eksBlowfish :: (ByteArrayAccess salt, ByteArrayAccess password) => Int -> salt -> password -> Context
-eksBlowfish cost salt key = makeKeySchedule key (Just (salt, cost))
+eksBlowfish cost salt key
+    | B.length salt /= 16 = error "bcrypt salt must be 16 bytes"
+    | otherwise           = makeKeySchedule key (Just (salt, cost))
 
 coreCrypto :: Context -> Word64 -> Word64
 coreCrypto (BF p s0 s1 s2 s3) input = doRound input 0
diff --git a/tests/BCrypt.hs b/tests/BCrypt.hs
index 1f5e247..0a932f2 100644
--- a/tests/BCrypt.hs
+++ b/tests/BCrypt.hs
@@ -74,4 +74,5 @@ makeKATs = concatMap maketest (zip3 is passwords hashes)
 
 tests = testGroup "bcrypt"
     [ testGroup "KATs" makeKATs
+    , testCase "Invalid hash length" (assertEqual "" (Left "Invalid hash format") (validatePasswordEither B.empty ("$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s" :: B.ByteString)))
     ]