
Fix password_length for new generated templates and default due to bcrypt gem work #5806

Open
le0pard wants to merge 1 commit into heartcombo:main from le0pard:fix-default-password-length

Conversation


@le0pard le0pard commented Nov 5, 2025

More info: bcrypt-ruby/bcrypt-ruby#283

Reproduction:

require 'bcrypt'

# Each line hashes a password longer than 72 bytes and then checks a different
# string that shares its first 72 bytes against that hash.
BCrypt::Password.new(BCrypt::Password.create('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa1')) == 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa2'
BCrypt::Password.new(BCrypt::Password.create('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa1')) == 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa222333'
BCrypt::Password.new(BCrypt::Password.create('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa1')) == 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa222333234234324'

All return true, so

Password 1: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa1
Password 2: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa2

These two users can log in to each other's accounts because bcrypt caps hashing to the first 72 bytes.

Not needed if #5807 is merged.
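An added example (my code, not the PR's or Devise's) that models the 72-byte truncation described above with String#byteslice instead of requiring the bcrypt gem, and contrasts a character-counting length check of the kind a `password_length` range performs with a byte-counting one; `BCRYPT_MAX_BYTES` and the function names are assumed.

```ruby
# Added example, not from the PR or the Devise project. bcrypt's 72-byte
# truncation is modelled with String#byteslice rather than the bcrypt gem.
BCRYPT_MAX_BYTES = 72

# The portion of a password that actually influences the bcrypt hash.
def bcrypt_effective_input(password)
  password.b.byteslice(0, BCRYPT_MAX_BYTES)
end

# True when two distinct passwords would verify against each other's hash.
def bcrypt_collision?(a, b)
  a != b && bcrypt_effective_input(a) == bcrypt_effective_input(b)
end

# Mirrors a range check such as `password_length = 6..128`, which (like
# Rails' length validator) counts characters, not bytes.
def length_in_range?(password, range)
  range.cover?(password.length)
end

# Stricter check for a registration form: count bytes, so multibyte UTF-8
# passwords cannot silently exceed what bcrypt hashes.
def bcrypt_safe_length?(password, min = 6)
  password.bytesize.between?(min, BCRYPT_MAX_BYTES)
end

# Constructed sample inputs: the PR's 72 x "a" prefix with differing suffixes,
# and a 40-character password of 2-byte characters (80 bytes).
PREFIX = "a" * 72
ASCII_PAIR = [PREFIX + "1", PREFIX + "2"]
MULTIBYTE = "é" * 40

if __FILE__ == $0
  p bcrypt_collision?(*ASCII_PAIR)          # true: the suffix is never hashed
  p length_in_range?(ASCII_PAIR[0], 6..128) # true: 73 characters pass 6..128
  p bcrypt_safe_length?(ASCII_PAIR[0])      # false: 73 bytes > 72
  p length_in_range?(MULTIBYTE, 6..72)      # true: only 40 characters...
  p bcrypt_safe_length?(MULTIBYTE)          # false: ...but 80 bytes
end
```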

le0pard force-pushed the fix-default-password-length branch from 0fc0693 to b4e347c on February 9, 2026 12:16

le0pard commented Feb 9, 2026

It is ready for review @carlosantoniodasilva

Thanks
