[Django] #29141: Warning about password truncation with BCryptPasswordHasher incorrect

6 views
Skip to first unread message

Django

unread,
Feb 18, 2018, 8:03:42 AM2/18/18
to django-...@googlegroups.com
#29141: Warning about password truncation with BCryptPasswordHasher incorrect
-------------------------------------+-------------------------------------
Reporter: Markus | Owner: Markus Holtermann
Holtermann |
Type: | Status: assigned
Cleanup/optimization |
Component: | Version: 2.0
Documentation |
Severity: Normal | Keywords:
Triage Stage: Accepted | Has patch: 0
Needs documentation: 1 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Reported privately by [https://github.com/tiran Christian Heimes]:

The warning "Password truncation with BCryptPasswordHasher" on
https://docs.djangoproject.com/en/2.0/topics/auth/passwords/#using-bcrypt-
with-django is incorrect. BCrypt truncates on ''bytes'' not
''characters''. For ASCII passwords that's 72 characters, but for Unicode
passwords, this can be as short as 18 characters.

--
Ticket URL: <https://code.djangoproject.com/ticket/29141>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Feb 18, 2018, 8:25:23 AM2/18/18
to django-...@googlegroups.com
#29141: Warning about password truncation with BCryptPasswordHasher incorrect
-------------------------------------+-------------------------------------
Reporter: Markus Holtermann | Owner: Markus
Type: | Holtermann
Cleanup/optimization | Status: assigned
Component: Documentation | Version: 2.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Markus Holtermann):

* has_patch: 0 => 1


Comment:

[https://github.com/django/django/pull/9706 PR]

--
Ticket URL: <https://code.djangoproject.com/ticket/29141#comment:1>

Django

unread,
Feb 22, 2018, 7:45:03 AM2/22/18
to django-...@googlegroups.com
#29141: Warning about password truncation with BCryptPasswordHasher incorrect
-------------------------------------+-------------------------------------
Reporter: Markus Holtermann | Owner: Markus
Type: | Holtermann
Cleanup/optimization | Status: assigned
Component: Documentation | Version: 2.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Markus Holtermann):

* needs_docs: 1 => 0


--
Ticket URL: <https://code.djangoproject.com/ticket/29141#comment:2>

Django

unread,
Feb 26, 2018, 2:08:16 PM2/26/18
to django-...@googlegroups.com
#29141: Warning about password truncation with BCryptPasswordHasher incorrect
-------------------------------------+-------------------------------------
Reporter: Markus Holtermann | Owner: Markus
Type: | Holtermann
Cleanup/optimization | Status: closed
Component: Documentation | Version: 2.0
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Tim Graham <timograham@…>):

* status: assigned => closed
* resolution: => fixed


Comment:

In [changeset:"56a302f338761cdda3cc1116a89687051c7c005a" 56a302f]:
{{{
#!CommitTicketReference repository=""
revision="56a302f338761cdda3cc1116a89687051c7c005a"
Fixed #29141 -- Corrected BCryptPasswordHasher's docstring about
truncation.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/29141#comment:3>

Reply all
Reply to author
Forward
0 new messages