Solution

The Lemmy server appears to have a database limit of 255 characters [2]; however, individual instances appear to put their own limits on username length though the frontend [3] and/or the API [4.1][4.2].

Original Post

If you know, please also provide relevant documentation.

UPDATE (2025-02-02T06:06Z): I did some brute-force testing, and, at least for sh.itjust.works, it seems that the maximum username length is 50, and the maximum password length is 60 [1].

References
  1. “Sign Up”. sh.itjust.works. Lemmy. Accessed: 2025-02-02T08:49Z. https://sh.itjust.works/signup.
    • When creating an account on sh.itjust.works, the sign-up form will throw this error if the provided password is greater than 60 characters in length.
  2. @[email protected] To: [“[SOLVED] What is the maximum username length for a Lemmy account?”. “Kalcifer” @[email protected]. “Lemmy Support” [email protected]. sh.itjust.works. Lemmy. Published: 2025-02-03T00:54:51Z. https://sh.itjust.works/post/32085936.]. Published: 2025-02-02T05:57:26Z. Accessed: 2025-02-03T00:44Z. https://sh.itjust.works/post/32085936/16442382.

    It might be 255 characters? […]

    • They pointed to code on GitHub for the Lemmy server which outlines the length of the username data in the SQL database.
  3. “[SOLVED] What is the maximum username length for a Lemmy account?”. “Kalcifer” @[email protected]. “Lemmy Support” [email protected]. sh.itjust.works. Lemmy. Published: 2025-02-03T00:54:51Z. Accessed: 2025-02-03T00:46Z. https://sh.itjust.works/post/32085936.
    • §“Original Post”. ¶2.

      […] I did some brute-force testing, and, at least for sh.itjust.works, it seems that the maximum username length is 50 […]

      • The maximum username length for sh.itjust.works was found to be 50 characters by brute-force testing the length limit.
  4. “Andrew” @[email protected] To [“[SOLVED] What is the maximum username length for a Lemmy account?”. “Kalcifer” @[email protected]. “Lemmy Support” [email protected]. sh.itjust.works. Lemmy. Published: 2025-02-03T00:54:51Z. https://sh.itjust.works/post/32085936.] Published: 2025-02-02T19:57:49Z. Accessed: 2025-02-03T00:59Z. https://sh.itjust.works/post/32085936/16453656.

    1. curl -L http://lemmy.world/api/v3/site | jq -r .site_view.local_site.actor_name_max_length (26)

      • The maximum username length for Lemmy.world was found to be 26 characters via an API request.

    2. curl -L http://sh.itjust.works/api/v3/site | jq -r .site_view.local_site.actor_name_max_length (50)

      • The maximum username length for sh.itjust.works was found to be 50 characters via an API request.
    • @pivot_root
      87 days ago

      It’s possible that Lemmy uses fixed-size buffers for the username and unhashed password. It would be pretty bad to give an unauthenticated user the power to allocate hundreds of megabytes in a shared process.

      Not that I read the source code to know for sure, but it’s common practice to reduce the opportunity for denial of service attacks by limiting user input size.

    • slazer2auEnglish
      17 days ago

      It’s up to the UI as to how much data to accept AFAIK. The lemmy-ui will truncate passwords beyond 60. So even if you have a 64 char password it will drop the last 4 and do the hashing on that.

      • KalciferOPEnglish
        37 days ago

        […] The lemmy-ui will truncate passwords beyond 60. So even if you have a 64 char password it will drop the last 4 and do the hashing on that.

        At least on sh.itjust.works, it doesn’t just silently truncate the password; it throws an error [1]:

        References
        1. “Sign Up”. sh.itjust.works. Lemmy. Accessed: 2025-02-02T08:49Z. https://sh.itjust.works/signup.
          • When creating an account on sh.itjust.works, the sign-up form will throw this error if the provided password is greater than 60 characters in length.
        • slazer2auEnglish
          37 days ago

          Oh, that’s good. My experience is from when joining .world during the API exodus.