diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt index f975862869..dc0e0e2945 100644 --- a/docs/topics/auth/passwords.txt +++ b/docs/topics/auth/passwords.txt @@ -146,7 +146,7 @@ algorithm. that ``bcrypt(password_with_100_chars) == bcrypt(password_with_100_chars[:72])``. The original ``BCryptPasswordHasher`` does not have any special handling and thus is also subject to this hidden password length limit. - ``BCryptSHA256PasswordHasher`` fixes this by first first hashing the + ``BCryptSHA256PasswordHasher`` fixes this by first hashing the password using sha256. This prevents the password truncation and so should be preferred over the ``BCryptPasswordHasher``. The practical ramification of this truncation is pretty marginal as the average user does not have a
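Review bot: The sentence on the changed line ("fixes this by first hashing the password using sha256") still does not say why pre-hashing removes the limit. The duplicate-word fix itself is correct. While the line is being touched, consider adding that the SHA-256 digest has a fixed length shorter than the 72 characters shown in the `[:72]` example above, so bcrypt never sees input long enough to truncate. The context line that follows could also spell the algorithm name as "SHA-256" rather than "sha256", since it is prose and not an identifier.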