Bcrypt rounds increase does not update passwords

Issue #6 new
Robert Buchholz
created an issue

When setting the _rounds parameter of the BCRYPTPasswordManager to a higher value, passwords should be upgraded when checking through the DelegatingPasswordManager.

Consider this example:

import cryptacular.core
import cryptacular.bcrypt
bcrypt_manager = cryptacular.bcrypt.BCRYPTPasswordManager()
password_manager = cryptacular.core.DelegatingPasswordManager(preferred=bcrypt_manager)
print password_manager.encode('fnord')

bcrypt_manager._rounds = 12
print password_manager.encode('fnord') # just to confirm

error = lambda: 1/0 # raise
print password_manager.check('$2a$10$T60swIc7ZjiXNz8BI90gn.LIP9DMS7FXrX1FejKvUzPD/ANL16eVy', 'fnord', setter=error)

The last line should call the setter to reset the hash.

Comments (0)

  1. Log in to comment