Package: python3-bcrypt
Version: 5.0.0-2
Severity: grave
This used to work:
from passlib.hash import bcrypt
bcrypt.verify('xxx',
'$2y$10$KwfCiMkON5ByhhzAtwUYRuegt7IJpm34JW4GN2FOVue6VOg7yJp6q')
But now it's complaining the password is too long, which it clearly isn't:
Traceback (most recent call last):
File "<python-input-13>", line 1, in <module>
bcrypt.verify('xxx',
'$2y$10$KwfCiMkON5ByhhzAtwUYRuegt7IJpm34JW4GN2FOVue6VOg7yJp6q')
~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/passlib/utils/handlers.py", line 792, in
verify
return consteq(self._calc_checksum(secret), chk)
~~~~~~~~~~~~~~~~~~~^^^^^^^^
File "/usr/lib/python3/dist-packages/passlib/handlers/bcrypt.py", line 592,
in _calc_checksum
self._stub_requires_backend()
~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
File "/usr/lib/python3/dist-packages/passlib/utils/handlers.py", line 2254,
in _stub_requires_backend
cls.set_backend()
~~~~~~~~~~~~~~~^^
File "/usr/lib/python3/dist-packages/passlib/utils/handlers.py", line 2163,
in set_backend
return cls.set_backend(name, dryrun=dryrun)
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/passlib/utils/handlers.py", line 2188,
in set_backend
cls._set_backend(name, dryrun)
~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/passlib/utils/handlers.py", line 2311,
in _set_backend
super(SubclassBackendMixin, cls)._set_backend(name, dryrun)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/passlib/utils/handlers.py", line 2224,
in _set_backend
ok = loader(**kwds)
File "/usr/lib/python3/dist-packages/passlib/handlers/bcrypt.py", line 627,
in _load_backend_mixin
return mixin_cls._finalize_backend_mixin(name, dryrun)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/passlib/handlers/bcrypt.py", line 422,
in _finalize_backend_mixin
if detect_wrap_bug(IDENT_2A):
~~~~~~~~~~~~~~~^^^^^^^^^^
File "/usr/lib/python3/dist-packages/passlib/handlers/bcrypt.py", line 381,
in detect_wrap_bug
if verify(secret, bug_hash):
~~~~~~^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/passlib/utils/handlers.py", line 792, in
verify
return consteq(self._calc_checksum(secret), chk)
~~~~~~~~~~~~~~~~~~~^^^^^^^^
File "/usr/lib/python3/dist-packages/passlib/handlers/bcrypt.py", line 656,
in _calc_checksum
hash = _bcrypt.hashpw(secret, config)
ValueError: password cannot be longer than 72 bytes, truncate manually if
necessary (e.g. my_password[:72])
-- System Information:
Debian Release: forky/sid
APT prefers testing
APT policy: (700, 'testing'), (600, 'unstable'), (150, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.17.9+deb14-amd64 (SMP w/20 CPU threads; PREEMPT)
Kernel taint flags: TAINT_DIE
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8),
LANGUAGE=de:en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages python3-bcrypt depends on:
ii libc6 2.41-12
ii libgcc-s1 15.2.0-9
ii python3 3.13.7-1+b1
python3-bcrypt recommends no packages.
python3-bcrypt suggests no packages.
-- no debconf information
Christoph
