Maximum password length: "Provided password longer than supported in command line utility"

[mb720]

Hi and thanks for argon2!

Using version 20190702 of argon2, I hit the limit for maximum input length:

printf 'x%.0s' {1..128} | argon2 my_salt_is_here
Error: Provided password longer than supported in command line utility

Also in argon's source code I can see that the maximum password length is 127.

I was wondering:

1. Whether there are ways around that length limit, the error message suggests that the command line utility doesn't support longer inputs. Maybe argon2 per se doesn't have that limitation.
2. What's the reason for limiting input length to 127 bytes.

Thanks!

[LoganDark]

It's because the command-line utility doesn't expand the input buffer past that length:

phc-winner-argon2/src/run.c

Line 184 in 16d3df6

char pwd[MAX_PASS_LEN], *salt;

• Maybe argon2 per se doesn't have that limitation.

Correct, I think argon2 only has a limitation of 4GB (as that's the limit of a 32-bit unsigned integer).

2. What's the reason for limiting input length to 127 bytes.

I assume because it's stored on the stack. In my experience there's a convention to be nice to the stack and stay below ~1KB of usage. I'm sure if the buffer was allocated on the heap it would be able to be much larger. Perhaps you could open a PR to change it.