patrickfav
commented
1 year ago Thank you for your PR!
Closed quinot closed 1 year ago
patrickfav
commented
1 year ago Thank you for your PR!
Andrew-Cottrell
commented
1 year ago I suggest the public field BCrypt.Version.DEFAULT_MAX_PW_LENGTH_BYTE be retained but marked deprecated, unused, and replaced by BCrypt.Version.MAX_PW_LENGTH_BYTE. Then it might be deleted a few releases later.
My code currently uses BCrypt.Version.DEFAULT_MAX_PW_LENGTH_BYTE and while I am aware I need to modify the code when I upgrade the library, others might not be aware, and a deprecation message may help them identify the issue and also enable them to decouple the modifications and the upgrade.
patrickfav
commented
1 year ago @Andrew-Cottrell good point, I re-introduced it with 0.10.1, see #48
NUL terminators play a role in keying only if the password is shorter than 72 bytes. For a password that is exactly 72 bytes, no cyclic repetition occurs in the key expansion phase, and no NUL is needed: the password can be used as-is; in other words, the NUL terminator should not be counted against the 72 bytes limit.
Adjust test cases accordingly. Test vectors in testReferenceValuesWithoutNullTerminator have been tested against the Python bcrypt module.