On Mon, Dec 08, 2025 at 08:01:22PM +0100, Christoph Berg wrote:
Re: Colin Watson
* Passing ``hashpw`` a password longer than 72 bytes now raises a
``ValueError``. Previously the password was silently truncated, following the
behavior of the original OpenBSD ``bcrypt`` implementation.
The password that I used was 3 characters, not > 72.
Based on the traceback, "password" must actually mean the salted/hashed
secret in this case, not the plaintext password.
I have no idea what they fixed in python3-passlib, but it works with
the new version. We could put in a Breaks: to prevent people from
running into this problem.
Yes, that's what I did in 5.0.0-3.
--
Colin Watson (he/him) [[email protected]]
