Or hash it first using SHA3. Then you get the slowness of bcrypt (which is what you're using it for) and the variable length input of SHA3. You're only risk is a SHA3 collision, which is not something that is realistically going to happen.