Prevent hash error bcrypt.ErrPasswordTooLong for passwords > 72 bytes in length
#397
Conversation
| // This is to preserve backwards compatibility and will be removed in | ||
| // a subsequent version of the provider. |
There was a problem hiding this comment.
Is the plan to validate password length to a maximum of 72 bytes in a future version or should this comment be removed?
There was a problem hiding this comment.
I was thinking in the next major version release we could generate an error if the password length exceeds 72 bytes. If that sounds ok, I'll create a follow-up issue and link it in the code comment.
There was a problem hiding this comment.
Please feel free to raise a proposal, however I'm a little worried that may be an unpopular proposal just to appease a specific hashing algorithm behavior that not all affected practitioners (anyone generating long passwords) may need from the resource. I think noting the limitation in that hash description will either be good enough for the purposes of this provider or another proposal could be made to move that hashing algorithm to another provider (potentially in a provider-defined function once available) and drop the "problematic" attribute as out of scope for this provider.
There was a problem hiding this comment.
I removed the statement of removal from the comment and we can determine in a later issue if that's something we want to do ⚡
austinvalle
changed the title
bcrypt.ErrPasswordTooLong for passwords > 72 bytes in length
<Actions>
<action
id="40b8caa65227ee1ff402dd788d378a3dd5493dc0870df6841ca819e93c79246a">
<h3>Bump Terraform `random` provider version</h3>
<details
id="1d9343c012f5434ac9fe8a98135bae3667b399259be16d9b14302ea3bd424a24">
<summary>Update Terraform lock file</summary>
<p>"hashicorp/random" updated from "3.5.1" to
"3.5.1" in file ".terraform.lock.hcl"</p>
<details>
<summary>3.5.1</summary>
<pre>Changelog retrieved
from:
	https://github.com/hashicorp/terraform-provider-random/releases/tag/v3.5.1
BUG
FIXES:

* resource/random_password: Prevent error with `bcrypt`
by truncating the bytes that are hashed to a maximum length of 72
([#397](https://github.com/hashicorp/terraform-provider-random/issues/397))


</pre>
</details>
</details>
</action>
</Actions>
---
<table>
<tr>
<td width="77">
<img src="https://www.updatecli.io/images/updatecli.png" alt="Updatecli
logo" width="50" height="50">
</td>
<td>
<p>
Created automatically by <a
href="https://www.updatecli.io/">Updatecli</a>
</p>
<details><summary>Options:</summary>
<br />
<p>Most of Updatecli configuration is done via <a
href="https://www.updatecli.io/docs/prologue/quick-start/">its
manifest(s)</a>.</p>
<ul>
<li>If you close this pull request, Updatecli will automatically reopen
it, the next time it runs.</li>
<li>If you close this pull request and delete the base branch, Updatecli
will automatically recreate it, erasing all previous commits made.</li>
</ul>
<p>
Feel free to report any issues at <a
href="https://github.com/updatecli/updatecli/issues">github.com/updatecli/updatecli</a>.<br
/>
If you find this tool useful, do not hesitate to star <a
href="https://github.com/updatecli/updatecli/stargazers">our GitHub
repository</a> as a sign of appreciation, and/or to tell us directly on
our <a
href="https://matrix.to/#/#Updatecli_community:gitter.im">chat</a>!
</p>
</details>
</td>
</tr>
</table>
Co-authored-by: Jenkins Infra Bot (updatecli) <60776566+jenkins-infra-bot@users.noreply.github.com>
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
Closes: #396
This PR replicates the behaviour of the
bcryptpackage in versions of golang.org/x/crypto prior tov0.5.0.