author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-11-29 12:13:53 -0600 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-11-29 12:14:53 -0600 |
commit | 1994f9192ba4d29a5bb41954a77314b8280a8d0d (patch) | |
tree | d555c1ea1026533586d72cec95ef6bbc73473e5a | |
parent | 211b9a1862c4074024a9895c1764060e6903fa71 (diff) | |
download | py-bcrypt-git-1994f9192ba4d29a5bb41954a77314b8280a8d0d.tar.gz |
provide a better explanation for what to do with long passwords
-rw-r--r-- | README.rst | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -89,14 +89,15 @@ Maxmimum Password Length The bcrypt algorithm only handles passwords up to 72 characters, any characters beyond that are ignored. To work around this, a common approach is to hash a -password with a cryptographic hash, such as ``sha512`` before hasing it with +password with a cryptographic hash (such as ``sha256``) and then hex or base64 +encoding it to prevent NULL byte problems before hashing the result with ``bcrypt``: .. code:: pycon >>> password = b"an incredibly long password" * 10 >>> hashed = bcrypt.hashpw( - ... hashlib.sha512(password).digest(), + ... hashlib.sha256(password).hexdigest(), ... bcrypt.gensalt() ... ) |
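Review bot: the added example line `... hashlib.sha256(password).hexdigest(),` passes a text string to `bcrypt.hashpw` on Python 3, where `hexdigest()` returns `str` rather than bytes, even though the example's own `password = b"an incredibly long password" * 10` shows bytes are the expected input. Suggest either encoding the hex digest to bytes or switching the example to `base64.b64encode(hashlib.sha256(password).digest())`, which is bytes on both Python 2 and 3 and matches the "hex or base64" wording in the new prose. The prose would also benefit from one sentence on why the digest moved from ``sha512`` to ``sha256``: a hex-encoded sha256 is 64 characters and a base64-encoded one is 44, both inside the 72 limit stated in the unchanged first sentence, whereas an encoded sha512 (128 hex or 88 base64 characters) would itself be truncated. Minor, while this section is being touched: the heading in the hunk context reads "Maxmimum Password Length", and the limit is described as 72 "characters" where bytes is the precise unit for non-ASCII passwords.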