During password check length of the user-supplied password is used.
vulners.com/securityvulns/securityvulns:doc:6452