Open starsoccer opened 1 year ago
Related to
The password algorithm used here is bcrypt, which has a maximum length of 72 bytes for the password. Other algorithms such as argon2id, scrypt, and pbkdf2 don't have this limitation. Switching to one of those or setting a reasonable max length that doesn't reveal the algorithm (such as 64 bytes) may suffice.
Hmm interesting news to me. I was just surprised to see the limit as most sites allow me to use 100 characters without any issue. I am not sure if they are using alternative algorithms or just doing something custom with bcrypt to support longer ones
I accidentally opened a duplicate issue for this, but I'll paste my solution suggestion here anyway:
Ideally, Homebox should show a proper error like "Password is too long", and the actual validation conditions on the register page itself, so users can easily create a password that meets requirements without having to search elsewhere for the validation info.
First Check
Homebox Version
0.8.2
What is the issue you are experiencing?
Attempting to use a password 100 characters long gives a generic error and does not work
How can the maintainer reproduce the issue?
Deployment
Unraid
Deployment Details
No response