[SOLVED] What is the maximum username length for a Lemmy account?
[SOLVED] What is the maximum username length for a Lemmy account?
Solution
The Lemmy server appears to have a database limit of 255 characters [2]; however, individual instances appear to put their own limits on username length though the frontend [3] and/or the API [4.1][4.2].
Original Post
If you know, please also provide relevant documentation.
UPDATE (2025-02-02T06:06Z): I did some brute-force testing, and, at least for sh.itjust.works, it seems that the maximum username length is 50, and the maximum password length is 60 [1].
References
- "Sign Up". sh.itjust.works. Lemmy. Accessed: 2025-02-02T08:49Z. https://sh.itjust.works/signup.
- When creating an account on sh.itjust.works, the sign-up form will throw this error if the provided password is greater than 60 characters in length.
- @[email protected] To: ["[SOLVED] What is the maximum username length for a Lemmy account?". "Kalcifer" @[email protected]. "Lemmy Support" [email protected]. sh.itjust.works. Lemmy. Published: 2025-02-03T00:54:51Z. https://sh.itjust.works/post/32085936.]. Published: 2025-02-02T05:57:26Z. Accessed: 2025-02-03T00:44Z. https://sh.itjust.works/post/32085936/16442382.
- They pointed to code on GitHub for the Lemmy server which outlines the length of the username data in the SQL database.
- "[SOLVED] What is the maximum username length for a Lemmy account?". "Kalcifer" @[email protected]. "Lemmy Support" [email protected]. sh.itjust.works. Lemmy. Published: 2025-02-03T00:54:51Z. Accessed: 2025-02-03T00:46Z. https://sh.itjust.works/post/32085936.
- §"Original Post". ¶2.
[…] I did some brute-force testing, and, at least for sh.itjust.works, it seems that the maximum username length is 50 […]
- The maximum username length for sh.itjust.works was found to be 50 characters by brute-force testing the length limit.
- §"Original Post". ¶2.
- "Andrew" @[email protected] To ["[SOLVED] What is the maximum username length for a Lemmy account?". "Kalcifer" @[email protected]. "Lemmy Support" [email protected]. sh.itjust.works. Lemmy. Published: 2025-02-03T00:54:51Z. https://sh.itjust.works/post/32085936.] Published: 2025-02-02T19:57:49Z. Accessed: 2025-02-03T00:59Z. https://sh.itjust.works/post/32085936/16453656.
-
curl -L http://lemmy.world/api/v3/site | jq -r .site_view.local_site.actor_name_max_length(26)- The maximum username length for Lemmy.world was found to be 26 characters via an API request.
-
curl -L http://sh.itjust.works/api/v3/site | jq -r .site_view.local_site.actor_name_max_length(50)- The maximum username length for sh.itjust.works was found to be 50 characters via an API request.
-
You're viewing a single thread.
A password max length shouldn't be needed if they store a hash of it in the db.
It's possible that Lemmy uses fixed-size buffers for the username and unhashed password. It would be pretty bad to give an unauthenticated user the power to allocate hundreds of megabytes in a shared process.
Not that I read the source code to know for sure, but it's common practice to reduce the opportunity for denial of service attacks by limiting user input size.
It's up to the UI as to how much data to accept AFAIK. The lemmy-ui will truncate passwords beyond 60. So even if you have a 64 char password it will drop the last 4 and do the hashing on that.
[…] The lemmy-ui will truncate passwords beyond 60. So even if you have a 64 char password it will drop the last 4 and do the hashing on that.
At least on sh.itjust.works, it doesn't just silently truncate the password; it throws an error [1]:
References
- "Sign Up". sh.itjust.works. Lemmy. Accessed: 2025-02-02T08:49Z. https://sh.itjust.works/signup.
- When creating an account on sh.itjust.works, the sign-up form will throw this error if the provided password is greater than 60 characters in length.
Oh, that's good. My experience is from when joining .world during the API exodus.
- "Sign Up". sh.itjust.works. Lemmy. Accessed: 2025-02-02T08:49Z. https://sh.itjust.works/signup.