What is the maximum username length for a Lemmy account?

Kalcifer · edit-2 9 hours ago

What is the maximum username length for a Lemmy account?

1984@lemmy.today · 10 hours ago

A password max length shouldn’t be needed if they store a hash of it in the db.

pivot_root@lemmy.world · edit-2 10 hours ago

It’s possible that Lemmy uses fixed-size buffers for the username and unhashed password. It would be pretty bad to give an unauthenticated user the power to allocate hundreds of megabytes in a shared process.

Not that I read the source code to know for sure, but it’s common practice to reduce the opportunity for denial of service attacks by limiting user input size.

slazer2au@lemmy.world · 9 hours ago

It’s up to the UI as to how much data to accept AFAIK. The lemmy-ui will truncate passwords beyond 60. So even if you have a 64 char password it will drop the last 4 and do the hashing on that.

Kalcifer · edit-2 9 hours ago

[…] The lemmy-ui will truncate passwords beyond 60. So even if you have a 64 char password it will drop the last 4 and do the hashing on that.

At least on sh.itjust.works, it doesn’t just silently truncate the password; it throws an error ^[1]:

References

“Sign Up”. sh.itjust.works. Lemmy. Accessed: 2025-02-02T08:49Z. https://sh.itjust.works/signup.
- When creating an account on sh.itjust.works, the sign-up form will throw this error if the provided password is greater than 60 characters in length.

slazer2au@lemmy.world · 9 hours ago

Oh, that’s good. My experience is from when joining .world during the API exodus.

TootSweet@lemmy.world · edit-2 12 hours ago

It might be 255 characters?

Assuming that’s the field applicable to this question, there isn’t some other limit somewhere other than the database and that I didn’t miss another later migration that changes the field length etc. I haven’t looked terribly thoroughly, though.

Graphy@lemmy.world · edit-2 10 hours ago

Can’t wait for the 255 username posting to 255 community @ 255 (253?) instance