I'm running into a weird issue with password_verify in PHP.
I generated a password hash using the following code:
$key = bin2hex(openssl_random_pseudo_bytes(32));
$salt = bin2hex(openssl_random_pseudo_bytes(16));
$hash = password_hash($salt.$key, PASSWORD_BCRYPT, ['cost' => 11]);
The following values were output
Key = 89b19c3ea20e978f6c1d60de8e4ff9baadffa51c654388a40c0624c9c577196e
Salt = 3c84972f78ee4841897a49c5261d7dcc
Hash = $2y$11$MRvQIALTzOFK6QMYvaFul.q69ZFZmwzchedlgzwCy9caOeEgXGtpu
I then have this function for verifying the password:
function authenticate($key, $salt, $hash)
{
    if (! password_verify($salt.$key, $hash)) {
        return 0;
    }
    return 1;
}
However, all of the following seem to return 1:
authenticate(
'89b19c3ea20e978f6c1d60de8e4ff9baadffa51c654388a40c0624c9c577196',
'3c84972f78ee4841897a49c5261d7dcc',
'$2y$11$MRvQIALTzOFK6QMYvaFul.q69ZFZmwzchedlgzwCy9caOeEgXGtpu'
); // Returns `1`
authenticate(
'89b19c3ea20e978f6c1d60de8e4ff9baadffa51c',
'3c84972f78ee4841897a49c5261d7dcc',
'$2y$11$MRvQIALTzOFK6QMYvaFul.q69ZFZmwzchedlgzwCy9caOeEgXGtpu'
); // Returns `1`
Authentication doesn't seem to fail until I remove enough characters from the key I'm trying to authenticate, and it's at this point: 89b19c3ea20e978f6c1d60de8e4ff9baadffa51.
authenticate(
'89b19c3ea20e978f6c1d60de8e4ff9baadffa51',
'3c84972f78ee4841897a49c5261d7dcc',
'$2y$11$MRvQIALTzOFK6QMYvaFul.q69ZFZmwzchedlgzwCy9caOeEgXGtpu'
); // Returns `0`
Why is this happening?
Side note: I know that there is no point in using a salt like this since password_hash will generate its own salt. I'm not asking about that; if you want, you can just think of it as one large string.
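The behaviour in the question is the bcrypt input limit: PASSWORD_BCRYPT only feeds the first 72 bytes of the string into the hash, so a 32-character salt plus a 64-character hex key (96 bytes) is silently cut after the first 40 characters of the key, and any candidate that agrees on those 72 bytes verifies. The script below is an added example, not code from the original question; it reuses the question's salt and key values but regenerates the hash at cost 4 instead of reusing the posted one, assumes a PHP build that truncates silently (as the asker's does), and `inputExceedsBcryptLimit` and `prehash` are hypothetical helper names chosen for this example. It shows a length check a defender can use to detect the condition and a pre-hashing wrapper that makes every byte of the input count.

```php
<?php
// Added example, not from the original question. Demonstrates that bcrypt
// (PASSWORD_BCRYPT) uses only the first 72 bytes of its input, and shows a
// pre-hashing wrapper so that the whole input influences the stored hash.
// Assumes a PHP version that truncates silently rather than raising an error.

const BCRYPT_MAX_BYTES = 72;

// Sample values taken from the question (hex strings).
$salt = '3c84972f78ee4841897a49c5261d7dcc';                                  // 32 bytes
$key  = '89b19c3ea20e978f6c1d60de8e4ff9baadffa51c654388a40c0624c9c577196e'; // 64 bytes

// Detection: flag any secret that is longer than bcrypt will actually read.
// strlen() counts bytes, which is what matters here, not characters.
function inputExceedsBcryptLimit(string $input): bool
{
    return strlen($input) > BCRYPT_MAX_BYTES;
}

// Mitigation (hypothetical helper): reduce the input to a fixed 64-character
// hex digest first. Hex output stays under 72 bytes and contains no "\0" byte,
// which bcrypt would otherwise treat as the end of the string.
function prehash(string $input): string
{
    return hash('sha256', $input);
}

$full = $salt . $key;   // 96 bytes: 24 bytes past the limit
printf("input is %d bytes, bcrypt reads %d: %s\n",
    strlen($full), BCRYPT_MAX_BYTES,
    inputExceedsBcryptLimit($full) ? 'truncated' : 'fully used');

// Reproduce the question: the hash is computed over $full, but any candidate
// that matches the first 72 bytes (salt + first 40 chars of the key) verifies,
// while one byte less does not. Cost 4 is the minimum and keeps the demo quick.
$hash      = password_hash($full, PASSWORD_BCRYPT, ['cost' => 4]);
$truncated = substr($full, 0, BCRYPT_MAX_BYTES);
$shorter   = substr($full, 0, BCRYPT_MAX_BYTES - 1);
printf("full input verifies:     %s\n", password_verify($full,      $hash) ? 'yes' : 'no');
printf("72-byte prefix verifies: %s\n", password_verify($truncated, $hash) ? 'yes' : 'no');
printf("71-byte prefix verifies: %s\n", password_verify($shorter,   $hash) ? 'yes' : 'no');

// With pre-hashing the digest changes whenever any byte of the input changes,
// so the 72-byte prefix no longer passes.
$safeHash = password_hash(prehash($full), PASSWORD_BCRYPT, ['cost' => 4]);
printf("pre-hashed full input verifies:     %s\n", password_verify(prehash($full),      $safeHash) ? 'yes' : 'no');
printf("pre-hashed 72-byte prefix verifies: %s\n", password_verify(prehash($truncated), $safeHash) ? 'yes' : 'no');
```

Run it with `php truncation-demo.php`. The first verify call and the 72-byte prefix both succeed against the plain bcrypt hash and the 71-byte prefix fails, which is exactly the cut-off the question observes; against the pre-hashed hash only the full input succeeds. The length check is worth keeping in a real codebase as a guard (log or reject secrets over 72 bytes) even after switching to pre-hashing, and the pre-hash must be applied identically on both the hashing and the verification path.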