Constant boringauth::pass::PASSWORD_MAX_LEN

pub const PASSWORD_MAX_LEN: usize

The maximum accepted length for passwords.

Basic security advice is to use long passwords, so it may appear that limiting the maximum length is a bad idea. However, accepting passwords of arbitrary size leads to a DoS vulnerability: an attacker can submit excessively long passwords that take ages to compute, exhausting the server's resources. Such vulnerabilities have already been reported, for example CVE-2014-9016, CVE-2014-9034, CVE-2014-9218, and so on.
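The sketch below is an added example, not boringauth's own code: it shows why hashing cost grows with password length in an iterated scheme and how a length check placed before the hash bounds that cost. `EXAMPLE_MAX_LEN`, `ROUNDS`, `stretch`, `derive` and `work_bytes` are hypothetical names and values, and `DefaultHasher` is only a stand-in for a real password hash.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;

// Assumed limit for this example; the page does not state the constant's value.
const EXAMPLE_MAX_LEN: usize = 128;
// Assumed round count for the toy stretching loop.
const ROUNDS: u32 = 1 << 12;

#[derive(Debug, PartialEq)]
enum PassError {
    TooLong { len: usize, max: usize },
}

// Bytes fed to the hash: every round re-hashes the 8-byte state plus the password.
fn work_bytes(password_len: usize, rounds: u32) -> u64 {
    rounds as u64 * (8 + password_len as u64)
}

// Toy iterated hash (DefaultHasher is NOT a password hash). Returns the final
// state and the number of bytes actually processed.
fn stretch(password: &[u8], rounds: u32) -> (u64, u64) {
    let (mut state, mut fed) = (0u64, 0u64);
    for _ in 0..rounds {
        let mut h = DefaultHasher::new();
        h.write(&state.to_le_bytes());
        h.write(password);
        state = h.finish();
        fed += 8 + password.len() as u64;
    }
    (state, fed)
}

// The length check runs before any hashing, so oversized input costs O(1).
fn derive(password: &[u8]) -> Result<(u64, u64), PassError> {
    if password.len() > EXAMPLE_MAX_LEN {
        return Err(PassError::TooLong { len: password.len(), max: EXAMPLE_MAX_LEN });
    }
    Ok(stretch(password, ROUNDS))
}

fn main() {
    let (_, fed) = derive(&[b'a'; 16]).unwrap();
    println!("16-byte password: {} bytes hashed", fed);
    // Cost an unbounded implementation would pay, computed instead of executed.
    println!("1 MB password, no limit: {} bytes", work_bytes(1_000_000, ROUNDS));
    println!("1 MB password, with limit: {:?}", derive(&vec![b'a'; 1_000_000]));
}
```

The limit is compared against the byte length of the input, which is what determines the hashing cost.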

C interface

The C interface refers to this constant as LIBREAUTH_PASS_PASSWORD_MAX_LEN.