private function isPasswordMatching(User $user, $password) { if (strlen($password) > 4096) { //Do not pass very long passwords to the encoder. Computing a hash might be slow. //Just reject them outright. return false; } return $this->encoder->isPasswordValid($password, $user->getPassword()); }