author | Donald Stufft <donald@stufft.io> | 2015-10-20 09:42:43 -0400 |
---|---|---|
committer | Donald Stufft <donald@stufft.io> | 2015-10-20 09:42:43 -0400 |
commit | 211b9a1862c4074024a9895c1764060e6903fa71 (patch) | |
tree | cf8a3ff02d4f1334c2ff9fe033963e3dbcdc25a2 | |
parent | 7c77787a47a72ca323899cae11e6944a2d501864 (diff) | |
parent | 85490507426e1bcef43a3d998faae00f5ccf687b (diff) | |
Merge pull request #52 from pyca/alex-patch-2
Document that bcrypt doesn't handle long passwords
-rw-r--r-- | README.rst | 15 |
1 files changed, 15 insertions, 0 deletions
@@ -84,6 +84,21 @@ Another one of bcrypt's features is an adjustable prefix to let you define what libraries you'll remain compatible with. To adjust this, pass either ``2a`` or ``2b`` (the default) to ``bcrypt.gensalt(prefix=b"2b")`` as a bytes object. +Maxmimum Password Length +~~~~~~~~~~~~~~~~~~~~~~~~ + +The bcrypt algorithm only handles passwords up to 72 characters, any characters +beyond that are ignored. To work around this, a common approach is to hash a +password with a cryptographic hash, such as ``sha512`` before hasing it with +``bcrypt``: + +.. code:: pycon + + >>> password = b"an incredibly long password" * 10 + >>> hashed = bcrypt.hashpw( + ... hashlib.sha512(password).digest(), + ... bcrypt.gensalt() + ... ) Compatibility ------------- |
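Review bot: In the pycon example, `hashlib.sha512(password).digest()` hands bcrypt a raw binary digest, which can contain a NUL byte. bcrypt implementations that treat the password as a C string do not handle that, so the documented workaround is not reliable for every password. Suggest encoding the digest before it goes to `bcrypt.hashpw` (for example base64 of a sha256 digest, which is 44 bytes and stays under the limit). In the same hunk: the limit is given as "72 characters" while the example passes a bytes object, so "72 bytes" is the accurate unit once passwords contain non-ASCII text; the example uses `hashlib` without an import line; the sentence "up to 72 characters, any characters beyond that are ignored" is a comma splice; and the added text has two typos, "Maxmimum" in the heading and "hasing" in the paragraph.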