Updated some comments for BCryptSHA256PasswordHasher.

django/contrib/auth/hashers.py

@@ -290,14 +290,11 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher):
 
     def encode(self, password, salt):
         bcrypt = self._load_library()
-        # Need to reevaluate the force_bytes call once bcrypt is supported on
+        # Hash the password prior to using bcrypt to prevent password
-        # Python 3
+        # truncation as described in #20138.
-
-        # Hash the password prior to using bcrypt to prevent password truncation
-        #   See: https://code.djangoproject.com/ticket/20138
         if self.digest is not None:
-            # We use binascii.hexlify here because Python3 decided that a hex encoded
+            # Use binascii.hexlify() because a hex encoded bytestring is
-            #   bytestring is somehow a unicode.
+            # Unicode on Python 3.
             password = binascii.hexlify(self.digest(force_bytes(password)).digest())
         else:
             password = force_bytes(password)
@@ -310,11 +307,11 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher):
         assert algorithm == self.algorithm
         bcrypt = self._load_library()
 
-        # Hash the password prior to using bcrypt to prevent password truncation
+        # Hash the password prior to using bcrypt to prevent password
-        #   See: https://code.djangoproject.com/ticket/20138
+        # truncation as described in #20138.
         if self.digest is not None:
-            # We use binascii.hexlify here because Python3 decided that a hex encoded
+            # Use binascii.hexlify() because a hex encoded bytestring is
-            #   bytestring is somehow a unicode.
+            # Unicode on Python 3.
             password = binascii.hexlify(self.digest(force_bytes(password)).digest())
         else:
             password = force_bytes(password)