As I am referring to how password hashing works, there is an owasp blog says like "if a user can supply very long passwords then there is a potential denial of service vuln
