From 26655dc7b7a5cf8374e1ecf4a9852e38a47be3b8 Mon Sep 17 00:00:00 2001
From: Justin Santa Barbara
Date: Wed, 8 Feb 2012 11:50:34 -0800
Subject: [PATCH] Fix comment on bcrypt and avoid hard-coding 29 as the salt length
Change-Id: Ifc78535ea79e071b7953769ff26eed8ecf666dc2
---
 keystone/common/utils.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/keystone/common/utils.py b/keystone/common/utils.py
index 6997eddd46..43a4d420e4 100644
--- a/keystone/common/utils.py
+++ b/keystone/common/utils.py
@@ -151,15 +151,14 @@ def hash_password(password):
 def check_password(password, hashed):
 """Check that a plaintext password matches hashed.
- Due to the way bcrypt works, hashing a password with the hashed
- version of that password as salt will return the hashed version
- of that password (mostly). Neat!
+ hashpw returns the salt value concatenated with the actual hash value.
+ It extracts the actual salt if this value is then passed as the salt.
 """
 if password is None:
 return False
 password_utf8 = password.encode('utf-8')
- check = bcrypt.hashpw(password_utf8, hashed[:29])
+ check = bcrypt.hashpw(password_utf8, hashed)
 return check == hashed
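Review bot: The last line of check_password, `return check == hashed`, is an ordinary equality that can stop at the first differing byte, so the comparison time depends on how much of the stored hash matches. Where the runtime provides it, a constant-time comparison such as `return hmac.compare_digest(check, hashed)` is a cheap hardening; it needs `import hmac`, and the import block is outside this hunk. Separately, only `password is None` is guarded, while the whole stored value now goes to `bcrypt.hashpw` as the salt. A `hashed` that is None, empty or not a bcrypt string will most likely raise there instead of returning False, so the docstring should say which behaviour callers can expect, or the call should be wrapped to return False. The new docstring's "It extracts the actual salt" would also read more clearly as "hashpw extracts the salt prefix from this value when it is passed as the salt argument".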