Bcrypt.checkpw returns TypeError: Unicode objects must be encoded before validation

I call bcrypt.checkpw to check for matches with an unencrypted password with a hashed password stored in the credential database, but I get

TypeError: Unicode objects must be encoded before validation

How do I solve this problem? Any suggestion?
I installed Python 2.7.6 and bcrypt 3.1.1.

I have the following code:

    import bcrypt

    def check_password(password, hashed_password):
        # Raises TypeError when either argument is a unicode string
        if not bcrypt.checkpw(password, hashed_password):
            raise InvalidCredentials("403 Forbidden")
        else:
            return True

And get the following error:

    File "/home/qt/virtualenv/lib/python2.7/site-packages/bcrypt/__init__.py", line 100, in checkpw
        raise TypeError("Unicode objects must be encoded before validation")
    TypeError: Unicode objects must be encoded before validation

I looked at bcrypt/__init__.py, but I'm not sure why

    def checkpw(password, hashed_password):
        if (isinstance(password, six.text_type) or
                isinstance(hashed_password, six.text_type)):
            raise TypeError("Unicode-objects must be encoded before checking")
+9
3 answers

I make the assumption that you are using Python 3. With Python 3, strings are by default unicode strings.

If you call the bcrypt.checkpw() function with unicode values:

    import bcrypt

    password = "seCr3t"  # unicode string
    hashed_password = "hashed_seCr3t"  # unicode string
    bcrypt.checkpw(password, hashed_password)

You will get this exception

    Traceback (most recent call last):
      ...
    TypeError: Unicode-objects must be encoded before checking

The reason is simple: cryptographic functions work only with byte strings (or arrays).

Password and hashed_password should be byte strings.

If you use the bcrypt.hashpw() function, your hashed_password should be a string of bytes, and I think the problem is the password value. This password should come from an HTML form or something similar. To use the bcrypt.checkpw() function, you must first encode the string value using the same encoding that you use to encrypt the password with the bcrypt.hashpw() function. Usually we choose the encoding "utf8".

For example (Python 2 and 3):

    import bcrypt

    # at creation first:
    password = u"seCr3t"
    hashed_password = bcrypt.hashpw(password.encode('utf8'), bcrypt.gensalt())

    # first attempt:
    password = u"seCrEt"
    bcrypt.checkpw(password.encode('utf8'), hashed_password)
    # -> False

    # second attempt:
    password = u"seCr3t"
    bcrypt.checkpw(password.encode('utf8'), hashed_password)
    # -> True

See easy use on the GitHub page

+12

Something similar can be done

    bcrypt.checkpw(password.encode('utf-8'), hashed_password.encode('utf-8'))

Plain

+5

I use something like that

    import bcrypt
    from sqlalchemy import BigInteger, Column, String

    # Base is the project's declarative base class, defined elsewhere
    class User(Base):
        __tablename__ = "user"

        id = Column(BigInteger, primary_key=True, autoincrement=True)
        login = Column(String, nullable=False, unique=True)
        password = Column(String, nullable=False)

        @staticmethod
        def make_password_hash(password):
            # Store the hash as text so it fits the String column
            hash = bcrypt.hashpw(password=password.encode('utf-8'), salt=bcrypt.gensalt())
            return hash.decode('utf-8')

        def is_password_valid(self, password):
            # Re-encode both values to bytes before checking
            return bcrypt.checkpw(password.encode('utf-8'), self.password.encode('utf-8'))
0

Source: https://habr.com/ru/post/1012289/