Max length error on custom hash password salt

i’m attempting to import users from an existing database which contains hashed passwords and password salts.

[
    {
        "user": {
            "email": "ncooper-permstest@amplience.com",
            "name": "Neil Cooper",
            "email_verified": false,
            "custom_password_hash": {
                "algorithm": "md5",
                "hash": {
                    "value": "*****",
                    "encoding": "base64"
                },
                "salt": {
                    "value": "*****",
                    "encoding": "utf8",
                    "position": "prefix"
                }
            }
        },
        "errors": [
            {
                "code": "MAX_LENGTH",
                "message": "Error in custom_password_hash.salt.value property - String is too long (147 chars), maximum 128",
                "path": "custom_password_hash.salt.value"
            }
        ]
    }
]

i can’t find anything that sets the maximum salt length. is this configurable? or am i doing something wrong somewhere?

Hi @ncooper,

Welcome to the Auth0 Community!

From what I can find internally, the salt length is not configurable and we support salts up to 128 characters in length.

With that said, 147 characters seems quite long for a salt (and an odd number), is there a reason you have salts of that length? Could it be the salt value isn’t correct?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.