diff --git a/vlib/crypto/bcrypt/bcrypt.v b/vlib/crypto/bcrypt/bcrypt.v
index 8d1b2d4eb2..e406f06328 100644
--- a/vlib/crypto/bcrypt/bcrypt.v
+++ b/vlib/crypto/bcrypt/bcrypt.v
@@ -15,6 +15,8 @@ pub const min_hash_size = 59
 pub const major_version = '2'
 pub const minor_version = 'a'
+const error_msg_max_length_exceed_72 = 'Maximum password length is 72 bytes'
+
 pub struct Hashed {
 mut:
 	hash []u8
@@ -41,6 +43,9 @@ const magic_cipher_data = [u8(0x4f), 0x72, 0x70, 0x68, 0x65, 0x61, 0x6e, 0x42, 0
 // generate_from_password return a bcrypt string from Hashed struct.
 pub fn generate_from_password(password []u8, cost int) !string {
+	if password.len > 72 {
+		return error(error_msg_max_length_exceed_72)
+	}
 	mut p := new_from_password(password, cost) or { return error('Error: ${err}') }
 	x := p.hash_u8()
 	return x.bytestr()
@@ -48,6 +53,9 @@ pub fn generate_from_password(password []u8, cost int) !string {
 // compare_hash_and_password compares a bcrypt hashed password with its possible hashed version.
 pub fn compare_hash_and_password(password []u8, hashed_password []u8) ! {
+	if password.len > 72 {
+		return error(error_msg_max_length_exceed_72)
+	}
 	mut p := new_from_hash(hashed_password) or { return error('Error: ${err}') }
 	p.salt << `=`
 	p.salt << `=`
diff --git a/vlib/crypto/bcrypt/bcrypt_test.v b/vlib/crypto/bcrypt/bcrypt_test.v
index 0765a72d8f..f51d3a401b 100644
--- a/vlib/crypto/bcrypt/bcrypt_test.v
+++ b/vlib/crypto/bcrypt/bcrypt_test.v
@@ -18,4 +18,13 @@ fn test_crypto_bcrypt() {
 	}
 	assert hash2_must_mismatch
+
+	long_password := 'jvaqhblwxtoytiaglflbisdeyoieianidksglxyitwopxgrjurhjvrsuydlcguaiueliuoikabibownvfcrcaogheq'
+	assert long_password.len > 72
+	bcrypt.generate_from_password(long_password.bytes(), 5) or {
+		assert err.msg() == 'Maximum password length is 72 bytes'
+	}
+	bcrypt.compare_hash_and_password(long_password.bytes(), hash2.bytes()) or {
+		assert err.msg() == 'Maximum password length is 72 bytes'
+	}
 }
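Review bot: The doc comment above `generate_from_password` still describes only the success path, while the new guard at the top of the body makes the call fail for any input longer than 72 bytes; add a line such as `// Passwords longer than 72 bytes are rejected with an error; the limit is counted in bytes, not characters.` The literal 72 is now written in this check, in the identical check in the compare_hash_and_password hunk, and in the name of error_msg_max_length_exceed_72, so a single `const max_password_len = 72` used by both guards (and interpolated into the message) would keep the three from drifting apart. Because the check is on `password.len` of a `[]u8`, a multi-byte UTF-8 password reaches the limit at fewer than 72 characters, which is worth stating so callers validate on bytes as well.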
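Review bot: Rejecting over-length input in `compare_hash_and_password` is a change for already stored hashes: the guard returns before `new_from_hash` is reached, so if the previous implementation hashed (or truncated) inputs longer than 72 bytes, a hash created from such a password can no longer be verified after this commit. The page does not show what the old path did with long input, so this should be confirmed against the pre-change code and, if it applies, stated in the doc comment and changelog, e.g. `// Passwords longer than 72 bytes are rejected; hashes created from longer inputs cannot be verified.` The function body continues past the end of the hunk.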
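Review bot: The two new assertions only execute inside the `or` blocks, so if either function stops returning an error for the over-length input the blocks are skipped and the test still passes; as written it cannot catch a regression of the guard it was added for. Record that the error branch ran and assert on that afterwards, for both calls, so a silent success fails the test.
```v
	mut rejected := 0
	bcrypt.generate_from_password(long_password.bytes(), 5) or {
		assert err.msg() == 'Maximum password length is 72 bytes'
		rejected++
	}
	bcrypt.compare_hash_and_password(long_password.bytes(), hash2.bytes()) or {
		assert err.msg() == 'Maximum password length is 72 bytes'
		rejected++
	}
	assert rejected == 2
```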