Max length error on custom hash password salt

ncooper · November 11, 2022, 4:50pm

i’m attempting to import users from an existing database which contains hashed passwords and password salts.

[
    {
        "user": {
            "email": "ncooper-permstest@amplience.com",
            "name": "Neil Cooper",
            "email_verified": false,
            "custom_password_hash": {
                "algorithm": "md5",
                "hash": {
                    "value": "*****",
                    "encoding": "base64"
                },
                "salt": {
                    "value": "*****",
                    "encoding": "utf8",
                    "position": "prefix"
                }
            }
        },
        "errors": [
            {
                "code": "MAX_LENGTH",
                "message": "Error in custom_password_hash.salt.value property - String is too long (147 chars), maximum 128",
                "path": "custom_password_hash.salt.value"
            }
        ]
    }
]

i can’t find anything that sets the maximum salt length. is this configurable? or am i doing something wrong somewhere?

dan.woda · November 14, 2022, 5:48pm

Hi @ncooper,

Welcome to the Auth0 Community!

From what I can find internally, the salt length is not configurable and we support salts up to 128 characters in length.

With that said, 147 characters seems quite long for a salt (and an odd number), is there a reason you have salts of that length? Could it be the salt value isn’t correct?

system · January 30, 2023, 9:33pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.