doc/password_pepper.rdoc in rodauth-2.25.0 vs doc/password_pepper.rdoc in rodauth-2.26.0
- old
+ new
@@ -13,9 +13,17 @@
If your database already contains password hashes that were created without a
password pepper, these will get automatically updated with a password pepper
next time the user successfully enters their password.
+If you're using bcrypt (default), you should set +password_maximum_bytes+ so
+that password + pepper don't exceed 72 bytes. This is because bcrypt truncates
+passwords longer than 72 bytes, enabling an attacker to crack the pepper if the
+password bytesize is unlimited. If you're using argon2, you should probably set
++argon2_secret+ instead of using this feature.
+
+== Pepper Rotation
+
You can rotate the password pepper as well, just make sure to add the previous
pepper to the +previous_password_peppers+ array. Password hashes using the old
pepper will get automatically updated on the next successful password match.
password_pepper "new pepper"
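Review bot: the new bcrypt paragraph is not separated from the preceding one, so RDoc will join "next time the user successfully enters their password." and "If you're using bcrypt (default), you should set +password_maximum_bytes+ ..." into a single paragraph; insert a blank line before the added text, as was done before the new "== Pepper Rotation" heading. The advice would also be more actionable if it gave the concrete setting rather than leaving the arithmetic to the reader, e.g. "set +password_maximum_bytes+ to 72 minus the bytesize of your pepper", and said explicitly that the pepper is appended to the password before hashing, since that is what makes the 72-byte truncation matter. Finally, "you should probably set +argon2_secret+" reads as hedged; since the stated truncation concern is bcrypt-specific, either drop "probably" or say briefly why +argon2_secret+ is the better fit for argon2 users.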