dcodeIO / bcrypt.js

Optimized bcrypt in plain JavaScript with zero dependencies.

Any security downsides to auto-generating salt? #128

Open pietrorea opened 2 years ago

pietrorea commented 2 years ago

Hello :wave: — are there any known security implications for generating the salt separately from the hashing call? Specifically...

Doing them separately:

var salt = bcrypt.genSaltSync(10);
var hash = bcrypt.hashSync("aPassword", salt);

All in one go:

const passwordHash = bcrypt.hashSync('aPassword', 10);

I guess you could provide your own salt? Is that a common practice? Otherwise, why did you include two separate ways to achieve the same thing in the API?
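As background to the two calls in the question, an added example (not part of this thread and not bcrypt.js code): a bcrypt string carries its cost and its 22-character salt inside the 60-character output, so stored hashes can be parsed and audited for a salt that appears more than once, which is the failure mode of supplying a fixed salt by hand. The function names and sample records are constructed for illustration; the sample strings only have the shape of bcrypt output.

```javascript
// Added example, not bcrypt.js code. A bcrypt string is 60 characters:
// "$" version "$" two-digit cost "$" 22-char salt, then a 31-char digest.
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

function parseBcryptHash(hash) {
  const m = BCRYPT_RE.exec(String(hash));
  if (!m) return null;
  const rounds = Number(m[2]);
  if (rounds < 4 || rounds > 31) return null; // cost range bcrypt accepts
  return { version: m[1], rounds, salt: m[3], digest: m[4] };
}

// Audit stored hashes: group users by embedded salt, report salts shared by
// more than one record and entries that are not bcrypt strings at all.
function auditSalts(records) {
  const bySalt = new Map();
  const malformed = [];
  for (const { user, hash } of records) {
    const parsed = parseBcryptHash(hash);
    if (!parsed) { malformed.push(user); continue; }
    if (!bySalt.has(parsed.salt)) bySalt.set(parsed.salt, []);
    bySalt.get(parsed.salt).push(user);
  }
  const reused = [...bySalt].filter(([, users]) => users.length > 1);
  return { reused: new Map(reused), malformed };
}

// Constructed records: shaped like bcrypt output, not real hashes.
const SALT_1 = 'abcdefghijklmnopqrstuv';
const SALT_2 = 'ABCDEFGHIJKLMNOPQRSTUV';
const sampleRecords = [
  { user: 'alice', hash: '$2a$10$' + SALT_1 + 'x'.repeat(31) },
  { user: 'bob',   hash: '$2a$10$' + SALT_2 + 'y'.repeat(31) },
  { user: 'carol', hash: '$2a$10$' + SALT_1 + 'z'.repeat(31) }, // same salt as alice
  { user: 'dave',  hash: 'plaintext-or-legacy-value' },
];

const report = auditSalts(sampleRecords);
for (const [salt, users] of report.reused) {
  console.log(`salt ${salt} shared by: ${users.join(', ')}`);
}
console.log('not bcrypt:', report.malformed.join(', '));
```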