Max length configuration is set by default to 256 to allow most edge cases to still validate fully. It is intended to be set to the same value you (or your hash function) truncates the value to. If you are using bcrypt, most implementations will have a 72 character limit.
We also have algorithm fixes to avoid an edge case that could be used for DOS.
Max length configuration is set by default to 256 to allow most edge cases to still validate fully. It is intended to be set to the same value you (or your hash function) truncates the value to. If you are using bcrypt, most implementations will have a 72 character limit.
We also have algorithm fixes to avoid an edge case that could be used for DOS.