passlib bcrypt not working when deployed to render. "ValueError: password cannot be longer than 72 bytes"

Question

Im trying to deploy a react app on render. It works on my localhost but when deployed on render the auth function doesn't work. It shows this error

ValueError: password cannot be longer than 72 bytes, truncate manually if necessary (e.g. my_password[:72]) however my print logs show that the password is only 13 bytes.

Ive tried using crypt context and made sure the bcrypt backend is the same in local and deployment. Im stuck. Please. Help.

Answer 1

I ran into the same issue recently on a previously stable app, and it turned out to be related to the latest bcrypt release. A change in behavior between passlib and bcrypt seems to have caused problems even when the input was well under the 72-byte limit.

What solved it for me was pinning bcrypt to version 4.3.0, instead of allowing the upgrade to 5.0.0 (released on 2025-09-25). After making that change, the errors stopped.

For example, in Python you can update requirements.txt from:

bcrypt

to:

bcrypt==4.3.0

This ensures your environment uses the last known stable version. If you’re working with another stack (React, FastAPI, etc.), the same principle applies — make sure you’re not pulling in bcrypt 5.0.0 until compatibility issues are resolved.