Opened 7 months ago

Closed 7 months ago

#29141 closed Cleanup/optimization (fixed)

Warning about password truncation with BCryptPasswordHasher incorrect

Reported by: Markus Holtermann
Owned by: Markus Holtermann
Component: Documentation
Version: 2.0
Severity: Normal
Keywords:
Cc:
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

Reported privately by Christian Heimes:

The warning "Password truncation with BCryptPasswordHasher" on https://docs.djangoproject.com/en/2.0/topics/auth/passwords/#using-bcrypt-with-django is incorrect. BCrypt truncates on bytes not characters. For ASCII passwords that's 72 characters, but for Unicode passwords, this can be as short as 18 characters.
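
The byte-versus-character distinction in the report above, as an added example that is not part of the ticket or of Django's code. It uses only the standard library and models the 72-byte cut rather than calling bcrypt. The function names and sample passwords are constructed for illustration, and the SHA-256 pre-hash shown is the approach Django's BCryptSHA256PasswordHasher takes.

```python
import hashlib

BCRYPT_MAX_BYTES = 72  # bcrypt ignores password input past this many bytes


def bcrypt_input(password: str) -> bytes:
    """Bytes bcrypt actually hashes: the UTF-8 encoding cut at 72 bytes."""
    return password.encode("utf-8")[:BCRYPT_MAX_BYTES]


def significant_chars(password: str) -> int:
    """Count leading characters whose full encoding fits within 72 bytes."""
    used = 0
    for count, ch in enumerate(password):
        used += len(ch.encode("utf-8"))
        if used > BCRYPT_MAX_BYTES:
            return count
    return len(password)


def collide_under_truncation(a: str, b: str) -> bool:
    """True when two different passwords present identical bytes to bcrypt."""
    return a != b and bcrypt_input(a) == bcrypt_input(b)


def prehashed_input(password: str) -> bytes:
    """Pre-hash mitigation: 64 ASCII hex bytes, always under the 72-byte cut."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest().encode("ascii")


# Constructed sample passwords (hypothetical, for illustration only).
ASCII_PW = "a" * 80                                   # 1 byte per character
EMOJI_PW = "\U0001F511" * 20                          # 4 bytes per character
EMOJI_PW_ALT = "\U0001F511" * 18 + "\U0001F512" * 2   # differs in chars 19-20

if __name__ == "__main__":
    for label, pw in (("ascii", ASCII_PW), ("emoji", EMOJI_PW)):
        print(label, "characters that count:", significant_chars(pw))
    print("raw bcrypt input collides:",
          collide_under_truncation(EMOJI_PW, EMOJI_PW_ALT))
    print("pre-hashed input collides:",
          prehashed_input(EMOJI_PW) == prehashed_input(EMOJI_PW_ALT))
```
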

Change History (3)

comment:1 Changed 7 months ago by Markus Holtermann

Has patch: set

comment:2 Changed 7 months ago by Markus Holtermann

Needs documentation: unset

comment:3 Changed 7 months ago by Tim Graham <timograham@…>

Resolution: fixed
Status: assigned → closed

In 56a302f:

Fixed #29141 -- Corrected BCryptPasswordHasher's docstring about truncation.
