| author | Jenkins <jenkins@review.openstack.org> | 2012-02-08 22:19:06 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2012-02-08 22:19:06 +0000 |
| commit | 2cc97c19fb242128d760554324136cb6b500f479 (patch) | |
| tree | 00023b5cbe898b55219d87bf3f2f6f31d039f8d0 | |
| parent | 288159b7741124e4c36bfb58277a916c16d565af (diff) | |
| parent | 26655dc7b7a5cf8374e1ecf4a9852e38a47be3b8 (diff) | |
Merge "Fix comment on bcrypt and avoid hard-coding 29 as the salt length" into redux
| -rw-r--r-- | keystone/common/utils.py | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/keystone/common/utils.py b/keystone/common/utils.py
index f153c878..69fb5eda 100644
--- a/keystone/common/utils.py
+++ b/keystone/common/utils.py
@@ -151,15 +151,14 @@ def hash_password(password):
 def check_password(password, hashed):
 """Check that a plaintext password matches hashed.
- Due to the way bcrypt works, hashing a password with the hashed
- version of that password as salt will return the hashed version
- of that password (mostly). Neat!
+ hashpw returns the salt value concatenated with the actual hash value.
+ It extracts the actual salt if this value is then passed as the salt.
 """
 if password is None:
 return False
 password_utf8 = password.encode('utf-8')
- check = bcrypt.hashpw(password_utf8, hashed[:29])
+ check = bcrypt.hashpw(password_utf8, hashed)
 return check == hashed |
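Review bot: `hashed` is passed to `bcrypt.hashpw` as the salt without any validation, while only `password` is guarded against None; a user record whose stored value is missing or not a well-formed bcrypt string would presumably raise from hashpw instead of producing a failed check. Widening the guard to `if password is None or not hashed: return False`, and treating an invalid-salt error from hashpw as a mismatch, keeps the function failing closed. Separately, `return check == hashed` is an ordinary short-circuiting comparison; where the runtime provides it, `return hmac.compare_digest(check, hashed)` avoids a timing-dependent result (it needs `import hmac` in the file's import block, which is outside this hunk). The docstring could also state that `hashed` must be the complete string produced by `hash_password`, since the salt is now parsed from it rather than sliced out.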
