6730c761d1
bcrypt hashing algorythm has a limitation on length of passwords it can hash on 72 bytes. In [1] a password trimm to 54 symbols has been implemented, which resulted in password being invalidated after the keystone upgrade, since passwords are trimmed differently by bcrypt itself, as well as len(str()) is not always equal to len(str().encode()) as trimming should be done based on bytes and not string itself. With the change we return a byte object from `verify_length_and_trunc_password`, so it does not need to be encoded afterwards, since we need to strip based on bytes rather then on length of the string. [1] https://review.opendev.org/c/openstack/keystone/+/828595 Closes-Bug: #2028809 Related-Bug: #1901891 Change-Id: Iea95a3c2df041a0046647b3d3dadead1a6d054d1
8 lines
261 B
YAML
8 lines
261 B
YAML
---
|
|
fixes:
|
|
- |
|
|
Passwords that are hashed using bcrypt are now truncated properly to the
|
|
maximum allowed length by the algorythm. This solves regression, when
|
|
passwords longer then 54 symbols are getting invalidated after the
|
|
Keystone upgrade.
|