bcrypt.checkpw returns TypeError: Unicode-objects must be encoded before checking

I make the assumption that you use Python 3. With Python 3, strings are, by default, unicode strings.

If you call the bcrypt.checkpw() function with unicode values:

import bcrypt

password = "seCr3t"  # unicode string
hashed_password = "hashed_seCr3t"  # unicode string

bcrypt.checkpw(password, hashed_password)

You’ll get this exception:

Traceback (most recent call last):
  ...
TypeError: Unicode-objects must be encoded before checking

The reason is simple: cryptographic functions only work on bytes strings (or arrays in fact).

Your password and hashed_password must both be bytes strings.

If you use the bcrypt.hashpw() function, your hashed_password must be a bytes string, and I think the problem is with the password value. This password must come from an HTML form or something similar. To use the bcrypt.checkpw() function, you must first encode the string value using the same encoding you used to encrypt the password with the bcrypt.hashpw() function. Usually, we choose ‘utf8’ encoding.

For instance (Python 2 & 3):

import bcrypt

# at creation first:
password = u"seCr3t"
hashed_password = bcrypt.hashpw(password.encode('utf8'), bcrypt.gensalt())

# first attempt:
password = u"seCrEt"
bcrypt.checkpw(password.encode('utf8'), hashed_password)
# -> False

# second attempt:
password = u"seCr3t"
bcrypt.checkpw(password.encode('utf8'), hashed_password)
# -> True

See simple usage on the GitHub page.
