Opened 7 years ago
Closed 7 years ago
#29141 closed Cleanup/optimization (fixed)
Warning about password truncation with BCryptPasswordHasher incorrect
Reported by: | Markus Holtermann | Owned by: | Markus Holtermann |
---|---|---|---|
Component: | Documentation | Version: | 2.0 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Reported privately by Christian Heimes:
The warning "Password truncation with BCryptPasswordHasher" on https://docs.djangoproject.com/en/2.0/topics/auth/passwords/#using-bcrypt-with-django is incorrect. BCrypt truncates on bytes not characters. For ASCII passwords that's 72 characters, but for Unicode passwords, this can be as short as 18 characters.
Change History (3)
comment:1 by , 7 years ago
Has patch: | set |
---|
comment:2 by , 7 years ago
Needs documentation: | unset |
---|
Note:
See TracTickets
for help on using tickets.
PR