fix readme (#1118)

Aleksa Majkić 2025-12-06 00:49:20 +01:00 committed by GitHub
parent 296f5d086b
commit d69764ddac
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -123,8 +123,9 @@ As of 3.0.0 the ``$2y$`` prefix is still supported in ``hashpw`` but deprecated.
Maximum Password Length
~~~~~~~~~~~~~~~~~~~~~~~
The bcrypt algorithm only handles passwords up to 72 characters, any characters
beyond that are ignored. To work around this, a common approach is to hash a
Passing ``hashpw`` a password longer than 72 bytes now raises a ``ValueError``.
Previously the password was silently truncated, following the behavior of the
original OpenBSD ``bcrypt`` implementation. To work around this, a common approach is to hash a
password with a cryptographic hash (such as ``sha256``) and then base64
encode it to prevent NULL byte problems before hashing the result with
``bcrypt``:
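
Review bot: the added sentence "Passing ``hashpw`` a password longer than 72 bytes now raises a ``ValueError``" says "now" without naming the release that changed the behaviour. The preceding section pins its own change with "As of 3.0.0", so state the version here as well; the next added sentence says the password was previously silently truncated, and a reader on an older release needs to know which of the two behaviours applies. As a style point, the added line ending "To work around this, a common approach is to hash a" runs well past the wrap width of the surrounding lines and should be re-wrapped.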