Bcrypt rounds increase does not update passwords

Robert Buchholz created an issue

When setting the _rounds parameter of the BCRYPTPasswordManager to a higher value, passwords should be upgraded when checking through the DelegatingPasswordManager.

Consider this example:

import cryptacular.core
import cryptacular.bcrypt
bcrypt_manager = cryptacular.bcrypt.BCRYPTPasswordManager()
password_manager = cryptacular.core.DelegatingPasswordManager(preferred=bcrypt_manager)
print password_manager.encode('fnord')
'$2a$10$T60swIc7ZjiXNz8BI90gn.LIP9DMS7FXrX1FejKvUzPD/ANL16eVy'

bcrypt_manager._rounds = 12
print password_manager.encode('fnord') # just to confirm
'$2a$12$HU8/LngLCVzSYgjbjCqSPO0WSp6iAlT1heJtshivRBqVr26FM/C8y'

error = lambda: 1/0 # raise
print password_manager.check('$2a$10$T60swIc7ZjiXNz8BI90gn.LIP9DMS7FXrX1FejKvUzPD/ANL16eVy', 'fnord', setter=error)
True

The last line should call the setter to reset the hash.
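
One way to get the behaviour requested above, as an added example (not cryptacular's code and not part of the original report): read the cost from the stored bcrypt string and, after a successful check, hand a freshly encoded hash to the setter when that cost is below the configured rounds. The helper names, the `preferred_rounds` argument and the one-argument `setter(new_hash)` convention are assumptions; `manager` is assumed to be any object offering `encode(password)` and `check(encoded, password)`.

```python
import re

# bcrypt modular-crypt string: "$2a$" (or 2b/2x/2y), two-digit cost,
# then 22 chars of salt and 31 chars of digest in the bcrypt alphabet.
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")


def bcrypt_cost(encoded):
    """Return the log2 work factor stored in a bcrypt hash, or None if
    the string is not a well-formed bcrypt hash."""
    match = BCRYPT_RE.match(encoded)
    return int(match.group(1)) if match else None


def needs_rehash(encoded, preferred_rounds):
    """True when the stored hash is bcrypt but cheaper than the current setting."""
    cost = bcrypt_cost(encoded)
    return cost is not None and cost < preferred_rounds


def check_and_upgrade(manager, encoded, password, preferred_rounds, setter=None):
    """Verify the password, then upgrade the stored hash if it is stale.

    The setter is only called after verification succeeds, because that is
    the only moment the plaintext is available to be hashed again.
    """
    if not manager.check(encoded, password):
        return False  # wrong password: never touch the stored hash
    if setter is not None and needs_rehash(encoded, preferred_rounds):
        setter(manager.encode(password))  # caller persists the new hash
    return True


if __name__ == "__main__":
    # Hash taken from the report above (created with 10 rounds).
    old = "$2a$10$T60swIc7ZjiXNz8BI90gn.LIP9DMS7FXrX1FejKvUzPD/ANL16eVy"
    print(bcrypt_cost(old), needs_rehash(old, 12))
```
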
