search

pyca / pynacl

Python binding to the Networking and Cryptography (NaCl) library
https://pynacl.readthedocs.io/
Apache License 2.0
1.07k stars 232 forks source link

pwhash.verify raises TypeError #578

Closed darkwyrm closed 4 years ago

darkwyrm commented 4 years ago

Pardon me if I'm completely missing something here, but I stumbled upon something which genuinely looks to me like a bug. Steps to reproduce:

>>> import nacl.pwhash
>>> nacl.pwhash.verify('foo','bar')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/owner/.local/lib/python3.6/site-packages/nacl/pwhash/__init__.py", line 65, in verify
    if password_hash.startswith(argon2id.STRPREFIX):
TypeError: startswith first arg must be str or a tuple of str, not bytes

I stepped through with pdb and discovered that argon2id.STRPREFIX is of type bytes instead of string. I ran across this on Ubuntu 18.04 with Python 3.6.9 but also with the current Windows build on Windows 10. In both instances, pynacl 1.3.0 was installed using pip.

alex commented 4 years ago

The arguments to verify() should be bytes instances, not str.