Incompatibility with bcrypt backend

Issue #49 resolved
Former user created an issue

(Imported from Google Code)

leckey.ryan wrote:

What steps will reproduce the problem?
1. pip install passlib
2. pip install bcrypt
3. passlib.hash.bcrypt.encrypt('password')

What is the expected output? What do you see instead?

The expected output is the hashed password. Instead the
traceback below occurs.

What version of the product are you using? On what operating system?

I've tried this both with the latest release (1.6.1) and with the default branch from source control.

Please provide any additional information below.

Below is the traceback.

.../python3.3/site-packages/passlib/utils/handlers.py in encrypt(cls, secret, **kwds)

551 validate_secret(secret)
552 self = cls(use_defaults=True, **kwds)
--> 553 self.checksum = self._calc_checksum(secret)
554 return self.to_string()
555

.../python3.3/site-packages/passlib/handlers/bcrypt.py in _calc_checksum_pybcrypt_threadsafe(self, secret)

277 # used through passlib, this should be safe.
278 with self._calc_lock:
--> 279 return self._calc_checksum_pybcrypt(secret)
280
281 def _calc_checksum_pybcrypt(self, secret):

.../python3.3/site-packages/passlib/handlers/bcrypt.py in _calc_checksum_pybcrypt(self, secret)

289 raise uh.exc.NullPasswordError(self)
290 config = self._get_config()
--> 291 hash = _pybcrypt_hashpw(secret, config)
292 assert hash.startswith(config) and len(hash) == len(config)+31
293 return str_to_uascii(hash[-31:])

.../python3.3/site-packages/bcrypt/__init__.py in hashpw(password, salt)

89 def hashpw(password, salt):
90 if isinstance(password, text_type) or isinstance(salt, text_type):
---> 91 raise TypeError("Unicode-objects must be encoded before hashing")
92
93 hashed = _ffi.new("unsigned char[]", 128)

TypeError: Unicode-objects must be encoded before hashing

If you need anything else, let me know.

Comments (10)

  1. Eli Collins repo owner
    • assigned issue to
    • changed status to open
    • changed Milestone to 1.6.2

    (Imported from Google Code)

    Ah, it looks like "pip install bcrypt" is installing a new bcrypt library which came out in the last month or so (https://github.com/dstufft/bcrypt). Since it's api-compatible with py-bcrypt (https://code.google.com/p/py-bcrypt/), passlib detects it as such, but there's apparently a small api difference between the two of them, which is causing the bug here.

    I would suggest using py-bcrypt, except that 1) I don't think that project supports py3 and 2) I don't think it's being very actively maintained right now. So it's probably best just to add support for this new library into passlib :)

    Unless something surprising comes up, I should be able to roll out a bugfix release within a week or so (since this is a new bcrypt library, I'll need to do some more thorough testing first).

    - Eli

  2. Eli Collins repo owner

    (Imported from Google Code)

    Passlib 1.6.2 has been released, and 'bcrypt' should now be working fine. While it was probably "just working" for some people, there were a few unicode-related errors that should now be ironed out.

  3. Jan-Philip Gehrcke

    The same error appears again with bcrypt 2.0.0.

      File "/home/jang/nobackup/pyenv/versions/gipc343/lib/python3.4/site-packages/passlib/utils/handlers.py", line 571, in verify
        return consteq(self._calc_checksum(secret), chk)
      File "/home/jang/nobackup/pyenv/versions/gipc343/lib/python3.4/site-packages/passlib/handlers/bcrypt.py", line 285, in _calc_checksum
        return self._calc_checksum_backend(secret)
      File "/home/jang/nobackup/pyenv/versions/gipc343/lib/python3.4/site-packages/passlib/utils/handlers.py", line 1458, in _calc_checksum_backend
        return self._calc_checksum_backend(secret)
      File "/home/jang/nobackup/pyenv/versions/gipc343/lib/python3.4/site-packages/passlib/handlers/bcrypt.py", line 333, in _calc_checksum_pybcrypt
        hash = _bcrypt.hashpw(secret, config)
      File "/home/jang/nobackup/pyenv/versions/gipc343/lib/python3.4/site-packages/bcrypt/__init__.py", line 57, in hashpw
        raise TypeError("Unicode-objects must be encoded before hashing")
    

    Triggered by:

    from passlib.hash import bcrypt
    bcrypt.verify(password.encode("ascii"), hash.encode("ascii"))
    

    With passlib 1.6.2.

    This solved the issue:

    pip uninstall bcrypt
    pip install bcrypt==1.1.1
    

    Do you strive to support both, bcrypt 1 and 2, or do you want to drop support for bcrypt 1?

  4. Eli Collins repo owner

    Release will be out later today, I'm waiting to get hold of a friend's Macbook so I can run the unittests on OSX.

  5. Eli Collins repo owner

    Passlib 1.6.4 released earlier today, should fix this (and the related issue #56).

    Happy to reopen either issue if there are still problems.
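
The str/bytes mismatch behind both tracebacks in this thread, as an added example that is not passlib's or bcrypt's own code. `strict_hashpw` is a constructed stand-in that copies only the type check shown in the traceback (it is not bcrypt), and `hashpw_compat`, `_to_bytes` and `CONFIG` are hypothetical names for a wrapper that hands the backend bytes only.

```python
import hashlib

# Constructed sample config string (prefix + cost + 22-char salt); not from the page.
CONFIG = "$2a$04$abcdefghijklmnopqrstuu"


def strict_hashpw(password, salt):
    """Constructed stand-in for a bytes-only backend. NOT real bcrypt:
    it copies only the type check visible in the traceback."""
    if isinstance(password, str) or isinstance(salt, str):
        raise TypeError("Unicode-objects must be encoded before hashing")
    # Placeholder digest so the output has the "config + 31 chars" shape.
    return salt + hashlib.sha256(salt + password).hexdigest()[:31].encode("ascii")


def _to_bytes(value, encoding):
    """Encode str, pass bytes through, reject anything else."""
    if isinstance(value, str):
        return value.encode(encoding)
    if isinstance(value, (bytes, bytearray)):
        return bytes(value)
    raise TypeError("expected str or bytes, got %s" % type(value).__name__)


def hashpw_compat(secret, config, backend=strict_hashpw):
    """Hypothetical wrapper: accept str or bytes, call the backend with
    bytes only, and return the full hash as str."""
    secret_b = _to_bytes(secret, "utf-8")
    config_b = _to_bytes(config, "ascii")
    if b"\x00" in secret_b:
        # Assumption: reject NUL bytes, which C-string based bcrypt code
        # treats as the end of the password.
        raise ValueError("secret contains a NUL byte")
    out = backend(secret_b, config_b)
    if isinstance(out, str):  # in case a backend returns text
        out = out.encode("ascii")
    # Same shape check as the assert in the traceback: config + 31 characters.
    if not (out.startswith(config_b) and len(out) == len(config_b) + 31):
        raise ValueError("backend returned a malformed hash")
    return out.decode("ascii")
```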
