Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions src/v2/features/basic-authentication.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,14 @@ Both are separated by a `:` (punctuation mark) character.
>
> Only the password must be encoded using the [`BCrypt`](https://en.wikipedia.org/wiki/Bcrypt) password-hashing function.

> [!WARNING] Bcrypt Password Length Limit
>
> SWS rejects passwords longer than **72 bytes** before bcrypt verification. Hashes generated with standard `bcrypt` utilities or the [Apache `htpasswd`](https://httpd.apache.org/docs/2.4/programs/htpasswd.html) tool are compatible with SWS for passwords of 72 bytes or fewer.
>
> Passwords longer than 72 bytes will **not** match in SWS, even if the hash was generated by a tool that truncates the password.
>
> Make sure your password is **at most 72 bytes** long. We recommend using **ASCII-only passwords of 72 characters or fewer** to avoid encoding issues.

As an example, we will use the [Apache `htpasswd`](https://httpd.apache.org/docs/2.4/programs/htpasswd.html) tool to generate the `username:encrypted_password` pair.

```sh
Expand Down