Update password length validation to 72 characters max #3319

Merged
merged 1 commit into from
Nov 19, 2014

Contributor

@lleger lleger commented Nov 19, 2014

BCrypt has a limit of 72 characters for the password. Anything beyond 72 characters is truncated:

```ruby
require 'bcrypt'
password = 'a' * 72
digest = BCrypt::Password.create(password)
digest == password # => true
digest == password + 'foobar' # => true
digest == 'a' * 128 # => true
```

This commit updates the validation to limit passwords to less than 72 characters, keeping within the limitation.

For similar discussion, please see rails/rails#14591 and rails/rails#15708 where has_secure_password's validations were updated for this same reason.

I should note that I didn't make the change in lib/devise.rb, as I thought that would introduce a backwards-incompatible change.
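An added example, not part of the pull request or of Devise's code: it models the truncation shown above without calling bcrypt, and checks length in bytes, because bcrypt's 72 limit is counted in bytes and a multi-byte password reaches it before 72 characters. The names `bcrypt_effective_input`, `truncation_collision?` and `password_length_errors`, and the 8-character minimum, are assumptions made for the illustration.

```ruby
# Added example: models bcrypt's 72-byte input limit; it does not call bcrypt.
BCRYPT_MAX_BYTES = 72 # bcrypt ignores password input past this many bytes

# The bytes bcrypt would actually hash for a given password.
def bcrypt_effective_input(password)
  password.to_s.b.byteslice(0, BCRYPT_MAX_BYTES)
end

# True when two different passwords are indistinguishable after truncation,
# i.e. either one would be accepted for a digest created from the other.
def truncation_collision?(a, b)
  a != b && bcrypt_effective_input(a) == bcrypt_effective_input(b)
end

# Hypothetical validator: returns error strings, empty when the password is OK.
# The minimum is counted in characters, the maximum in bytes.
def password_length_errors(password, min_chars: 8, max_bytes: BCRYPT_MAX_BYTES)
  errors = []
  if password.length < min_chars
    errors << "is too short (minimum is #{min_chars} characters)"
  end
  if password.bytesize > max_bytes
    errors << "is too long (maximum is #{max_bytes} bytes, got #{password.bytesize})"
  end
  errors
end

# Constructed sample passwords.
SAMPLES = {
  'ascii, 72 chars'      => 'a' * 72,
  'ascii, 78 chars'      => 'a' * 72 + 'foobar',
  'two-byte x 40 chars'  => "\u00e9" * 40 # 40 characters, 80 bytes in UTF-8
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |label, pw|
    errs = password_length_errors(pw)
    puts format('%-20s chars=%-3d bytes=%-3d %s',
                label, pw.length, pw.bytesize, errs.empty? ? 'ok' : errs.join('; '))
  end
  puts "72 vs 78 chars collide: #{truncation_collision?('a' * 72, 'a' * 72 + 'foobar')}"
end
```
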

BCrypt has a limit of 72 characters for the password. Anything beyond 72
characters is truncated. This commit updates the validation to limit
passwords to less than 72 characters, keeping within the limitation.
josevalim added a commit that referenced this pull request Nov 19, 2014
Update password length validation to 72 characters max
@josevalim josevalim merged commit a76dfd6 into heartcombo:master Nov 19, 2014
@josevalim
Contributor

❤️ 💚 💙 💛 💜

@lleger
Contributor Author

lleger commented Nov 19, 2014

👍 💯

@rubyrider
Contributor

(y)

@tmilewski

🔒 👍

:shipit:

@dcsim

dcsim commented Nov 19, 2014

💘 🔑 💘

5 participants