Opened 5 weeks ago

Closed 4 weeks ago

#29141 closed Cleanup/optimization (fixed)

Warning about password truncation with BCryptPasswordHasher incorrect

Reported by: Markus Holtermann Owned by: Markus Holtermann
Component: Documentation Version: 2.0
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Reported privately by Christian Heimes:

The warning "Password truncation with BCryptPasswordHasher" on is incorrect. BCrypt truncates on bytes not characters. For ASCII passwords that's 72 characters, but for Unicode passwords, this can be as short as 18 characters.

Change History (3)

comment:1 Changed 5 weeks ago by Markus Holtermann

Has patch: set

comment:2 Changed 4 weeks ago by Markus Holtermann

Needs documentation: unset

comment:3 Changed 4 weeks ago by Tim Graham <timograham@…>

Resolution: fixed
Status: assignedclosed

In 56a302f:

Fixed #29141 -- Corrected BCryptPasswordHasher's docstring about truncation.

Note: See TracTickets for help on using tickets.
Back to Top