Opened 7 years ago

Closed 7 years ago

#29141 closed Cleanup/optimization (fixed)

Warning about password truncation with BCryptPasswordHasher incorrect

Reported by: Markus Holtermann Owned by: Markus Holtermann
Component: Documentation Version: 2.0
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Reported privately by Christian Heimes:

The warning "Password truncation with BCryptPasswordHasher" on https://docs.djangoproject.com/en/2.0/topics/auth/passwords/#using-bcrypt-with-django is incorrect. BCrypt truncates on bytes not characters. For ASCII passwords that's 72 characters, but for Unicode passwords, this can be as short as 18 characters.

Change History (3)

comment:1 by Markus Holtermann, 7 years ago

Has patch: set

comment:2 by Markus Holtermann, 7 years ago

Needs documentation: unset

comment:3 by Tim Graham <timograham@…>, 7 years ago

Resolution: fixed
Status: assignedclosed

In 56a302f:

Fixed #29141 -- Corrected BCryptPasswordHasher's docstring about truncation.

Note: See TracTickets for help on using tickets.
Back to Top