diff --git a/fuzz/fuzz_targets/scrypt.rs b/fuzz/fuzz_targets/scrypt.rs
index 48916dab..95342a99 100644
--- a/fuzz/fuzz_targets/scrypt.rs
+++ b/fuzz/fuzz_targets/scrypt.rs
@@ -24,14 +24,19 @@ impl<'a> Arbitrary<'a> for ScryptRandParams {
 fuzz_target!(|data: (&[u8], &[u8], ScryptRandParams)| {
 let (password, salt, ScryptRandParams(params)) = data;
+ if password.len() > 64 {
+ return;
+ }
+
+ if salt.len() < Salt::MIN_LENGTH || salt.len() > (6 * Salt::MAX_LENGTH) / 8 {
+ return;
+ }
+
 // Check direct hashing
 let mut result = [0u8; 64];
 scrypt(password, salt, ¶ms, &mut result).unwrap();
 // Check PHC hashing
- if salt.len() < Salt::MIN_LENGTH {
- return;
- }
 let salt_string = SaltString::encode_b64(salt).unwrap();
 let phc_hash = Scrypt
 .hash_password_customized(
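Review bot: Both new early returns sit above the direct `scrypt(...)` call, so the raw KDF path is no longer fuzzed with passwords longer than 64 bytes or with salts outside the PHC length range, although only `SaltString::encode_b64(salt).unwrap()` appears to need the salt bound. If moving the guard was not deliberate (for example to bound run time per input), the widened salt check could stay where the removed one was, directly above `let salt_string`, so the "Check direct hashing" part keeps its previous input space. The literal `64` and the expression `(6 * Salt::MAX_LENGTH) / 8` are unexplained; a comment such as `// B64 carries 6 bits per char: largest raw salt that still encodes within Salt::MAX_LENGTH` would help, assuming that is the intent, and the password cap deserves a similar one-line reason. The `fuzz_target!` closure continues past the end of the hunk, so later uses of `password` and `salt` are not visible here.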