Opened 6 years ago
Closed 6 years ago
#29141 closed Cleanup/optimization (fixed)
Warning about password truncation with BCryptPasswordHasher incorrect
| Reported by: | Markus Holtermann | Owned by: | Markus Holtermann |
|---|---|---|---|
| Component: | Documentation | Version: | 2.0 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Reported privately by Christian Heimes:
The warning "Password truncation with BCryptPasswordHasher" on https://docs.djangoproject.com/en/2.0/topics/auth/passwords/#using-bcrypt-with-django is incorrect. BCrypt truncates on bytes not characters. For ASCII passwords that's 72 characters, but for Unicode passwords, this can be as short as 18 characters.
Change History (3)
comment:1 by , 6 years ago
| Has patch: | set |
|---|
comment:2 by , 6 years ago
| Needs documentation: | unset |
|---|
Note:
See TracTickets
for help on using tickets.
PR