BCrypt wrap bug detected

Starting from [BCrypt](https://github.com/pyca/bcrypt) release - [v5.0.0](https://github.com/pyca/bcrypt?tab=readme-ov-file#changelog):

> * Passing ``hashpw`` a password longer than 72 bytes now raises a
  ``ValueError``. Previously the password was silently truncated, following the
  behavior of the original OpenBSD ``bcrypt`` implementation.

The internal check for BCrypt wrap bug in [_BcryptCommon/_finalize_backend_mixin()/detect_wrap_bug(indent)`](https://github.com/notypecheck/passlib/blob/main/passlib/handlers/bcrypt.py#L356), is failing with:

> ValueError: password cannot be longer than 72 bytes, truncate manually if necessary (e.g. my_password[:72])

Reproducible running [test_handlers_bcrypt](https://github.com/notypecheck/passlib/blob/main/tests/test_handlers_bcrypt.py) with latest [BCrypt](https://github.com/pyca/bcrypt) release.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

BCrypt wrap bug detected #18

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

BCrypt wrap bug detected #18

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions