bcrypt icon indicating copy to clipboard operation
bcrypt copied to clipboard
verified publisher icon pyca

Raise ValueError if password is longer than 72 bytes

Open paketb0te opened this issue 9 months ago • 1 comments

See discussion in #969

Moved some existing test cases (that ensured bytes after the 72th were truncated) to a separate fixture and wrote new tests to assert an exception is raised.

test_2a_wraparound_bug is failing with this change, I have to better understand what exactly this is doing and if/how it should be updated.

paketb0te avatar Mar 10 '25 18:03 paketb0te

test_2a_wraparound_bug was introduced in #81 (which closes #80, which has a link to THIS - which proposes to set an upper limit on the key_len (which I assume is used internally for the hashing algorithm?), in addition to truncating the key.

My understanding is that this test becomes obsolete if we reject longer passwords in the first place -> not sure if I should delete it, or update it to match the new behavior :thinking:

@reaperhulk any preference?

paketb0te avatar Mar 11 '25 09:03 paketb0te

Yeah this looks good.

reaperhulk avatar Jul 04 '25 04:07 reaperhulk

closes #969 :)

paketb0te avatar Jul 04 '25 08:07 paketb0te