Issue #6 new

Bcrypt rounds increase does not update passwords

Robert Buchholz created an issue

When setting the _rounds parameter of the BCRYPTPasswordManager to a higher value, passwords should be upgraded when checking through the DelegatingPasswordManager.

Consider this example:

```python
import cryptacular.core
import cryptacular.bcrypt

bcrypt_manager = cryptacular.bcrypt.BCRYPTPasswordManager()
password_manager = cryptacular.core.DelegatingPasswordManager(preferred=bcrypt_manager)
print(password_manager.encode('fnord'))
# '$2a$10$T60swIc7ZjiXNz8BI90gn.LIP9DMS7FXrX1FejKvUzPD/ANL16eVy'

bcrypt_manager._rounds = 12
print(password_manager.encode('fnord'))  # just to confirm
# '$2a$12$HU8/LngLCVzSYgjbjCqSPO0WSp6iAlT1heJtshivRBqVr26FM/C8y'

error = lambda: 1/0  # raises if the setter is ever called
print(password_manager.check('$2a$10$T60swIc7ZjiXNz8BI90gn.LIP9DMS7FXrX1FejKvUzPD/ANL16eVy', 'fnord', setter=error))
# True
```

The last line should call the setter to reset the hash.
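The upgrade-on-check behaviour requested above, sketched as an added example that is not part of the original issue and is not cryptacular's code: the cost factor is read from the stored hash and the setter runs only after the password has verified. `verify` and `encode` are hypothetical callables standing in for a real bcrypt library, and the two sample hashes are the ones quoted in the issue.

```python
import re

# bcrypt modular crypt format: $2a$<2-digit cost>$<22-char salt><31-char digest>
_BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")

# Sample hashes quoted in the issue (both encode 'fnord').
OLD_HASH = "$2a$10$T60swIc7ZjiXNz8BI90gn.LIP9DMS7FXrX1FejKvUzPD/ANL16eVy"
NEW_HASH = "$2a$12$HU8/LngLCVzSYgjbjCqSPO0WSp6iAlT1heJtshivRBqVr26FM/C8y"


def bcrypt_cost(encoded):
    """Return the cost factor embedded in a bcrypt hash, or None if malformed."""
    match = _BCRYPT_RE.match(encoded)
    return int(match.group(1)) if match else None


def needs_rehash(encoded, wanted_rounds):
    """True when the stored hash uses fewer rounds than currently configured."""
    cost = bcrypt_cost(encoded)
    return cost is not None and cost < wanted_rounds


def check_and_upgrade(encoded, password, verify, encode, wanted_rounds, setter=None):
    """Verify the password, then hand a stronger hash to `setter` if needed.

    `verify(encoded, password)` and `encode(password)` are assumed wrappers
    around a bcrypt implementation; `setter` persists the new hash.
    """
    if not verify(encoded, password):
        return False  # a wrong password must never trigger a rewrite
    if setter is not None and needs_rehash(encoded, wanted_rounds):
        setter(encode(password))
    return True


def demo():
    """Run the issue's scenario with constructed stand-ins for bcrypt."""
    stored = []
    verify = lambda encoded, password: password == "fnord"  # constructed stand-in
    encode = lambda password: NEW_HASH  # constructed stand-in
    ok = check_and_upgrade(OLD_HASH, "fnord", verify, encode, 12, stored.append)
    return ok, stored


if __name__ == "__main__":
    print(demo())
```

The comparison is `<` rather than `!=`, so lowering the configured rounds does not downgrade hashes that are already stronger.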
