Skip to content

Fix bcrypt errors preventing users from being able to log in #19101

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 28, 2025
Merged

Fix bcrypt errors preventing users from being able to log in #19101

merged 4 commits into from
Oct 28, 2025
+19 −6

Conversation

@anoadragon453
Copy link
Member

@anoadragon453 anoadragon453 commented Oct 27, 2025
edited
Loading

Once again fixes #19063.

This was causing users with too long a password, or too long a server-configured pepper, to be unable to log in.

The same fix was applied to bcrypt.hashpw(...) in #19078, but bcrypt.checkpw(...) was missed.

Pull Request Checklist

  • Pull request is based on the develop branch
  • Pull request includes a changelog file. The entry should:
    • Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from EventStore to EventWorkerStore.".
    • Use markdown where necessary, mostly for code blocks.
    • End with either a period (.) or an exclamation mark (!).
    • Start with a capital letter.
    • Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry.
  • Code style is correct (run the linters)

@anoadragon453
Prevent bcrypt.checkpw from raising ValueError
9f28b6e 
This was causing users with too long a password, or too long a
server-configured pepper, to be unable to log in.

The same fix applied to `hashpw` in
#19078, but for `checkpw` as
well.
@anoadragon453
Update log line to mention pepper
f715575 
As it's technically the password + the pepper that's checked for length.
@anoadragon453
Update config docs to better explain pepper's purpose
d422cc9
@github-actions github-actions bot deployed to PR Documentation Preview October 27, 2025 10:32 Active
@anoadragon453 anoadragon453 marked this pull request as ready for review October 27, 2025 10:33
@anoadragon453 anoadragon453 requested a review from a team as a code owner October 27, 2025 10:33
@github-actions github-actions bot deployed to PR Documentation Preview October 27, 2025 10:35 Active
MadLittleMods
MadLittleMods approved these changes Oct 27, 2025
View reviewed changes
synapse/handlers/auth.py
Comment on lines +1725 to +1733
bytes_to_hash = pw.encode("utf8") + password_pepper.encode("utf8")
if len(bytes_to_hash) > 72:
# bcrypt only looks at the first 72 bytes
logger.debug(
"Password + pepper is too long; truncating to 72 bytes for bcrypt. "
"This is expected behaviour and will not affect a user's ability to log in. 72 bytes is "
"sufficient entropy for a password."
)
bytes_to_hash = bytes_to_hash[:72]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just noting that it sucks that we have this pattern splatted across a few places now. But it's not unreasonable to have it this way ⏩

synapse/handlers/auth.py
Comment on lines +1728 to +1732
logger.debug(
"Password + pepper is too long; truncating to 72 bytes for bcrypt. "
"This is expected behaviour and will not affect a user's ability to log in. 72 bytes is "
"sufficient entropy for a password."
)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks reasonable in terms of fixing the problem. The "why" reasoning sounds great!

synapse/handlers/auth.py
pw = unicodedata.normalize("NFKC", password)
password_pepper = self.hs.config.auth.password_pepper

bytes_to_hash = pw.encode("utf8") + password_pepper.encode("utf8")
Copy link
Contributor

@MadLittleMods MadLittleMods Oct 27, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In terms of my own learning about using a pepper, https://stackoverflow.com/questions/16891729/best-practices-salting-peppering-passwords was good read.

Combining both the password and pepper before hashing with bcrypt seems like a good approach 👍 vs feeding one hash into another. The only better pattern I see people recommend is to use an hmac (and we can't switch to a new pattern).

Matches the previous behavior in bcrypt (truncating to 72 bytes) and is what they recommend when encountering this error "password cannot be longer than 72 bytes, truncate manually if necessary (e.g. my_password[:72])"

@anoadragon453 anoadragon453 merged commit db9a61c into release-v1.141 Oct 28, 2025
46 of 48 checks passed
@anoadragon453 anoadragon453 deleted the anoa/bcrypt_checkpw branch October 28, 2025 10:16
@anoadragon453 anoadragon453 mentioned this pull request Oct 28, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MadLittleMods MadLittleMods MadLittleMods approved these changes

Assignees

No one assigned

Labels

X-Release-Blocker

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@anoadragon453 @MadLittleMods