dcodeIO / bcrypt.js

Optimized bcrypt in plain JavaScript with zero dependencies.

hash is appended to salt? #94

Closed adanvdo closed 5 years ago

adanvdo commented 5 years ago

I could be wrong, but I am pretty sure the resulting hash is not supposed to be the generated salt concatenated with the hash?

I decided to use this library because I had dependency problems with bcrypt. Using bcryptjs, the generated hash is just the salt appended by a hashed string. I have worked with salted hash passwords before and the resulting hash has never been like that. Pretty sure the result should be the plain text password combined with the salt, and then hash that value.

Example of current result hash:
generated salt: $2a$10$JIKvm/G2VB60Vug8m3T8Du
generated hash: $2a$10$JIKvm/G2VB60Vug8m3T8Du600ViyznayfU2miNjxFEXHP5qOxPpiy

If this is by design, I apologize. However, I don't really like it.

Ruffio commented 5 years ago

Wikipedia is your friend https://en.m.wikipedia.org/wiki/Bcrypt

adanvdo commented 5 years ago

That doesn't really address the problem?

Ichag commented 5 years ago

As I understand Wikipedia, the salt is prepended to the hashed password.

For example, the shadow password record $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy specifies a cost parameter of 10, indicating 2^10 key expansion rounds. The salt is N9qo8uLOickgx2ZMRZoMye and the resulting hash is IjZAgcfl7p92ldGxad68LJZdL17lhWy. Per standard practice, the user's password itself is not stored. https://en.wikipedia.org/wiki/Bcrypt#Description

Please correct me if I'm wrong!
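The layout described in the comment above, as an added example that is not part of the thread or of bcrypt.js: it splits a 60-character bcrypt string into version, cost, salt and hash, and decodes the salt and hash with bcrypt's own base64 alphabet. The names `parseBcrypt` and `decodeBcryptB64` are hypothetical; the two sample strings are the ones quoted in this thread.

```javascript
// bcrypt's own base64 alphabet (ordering differs from RFC 4648).
const B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

// Decode bcrypt-base64 text into byteLen bytes; trailing pad bits are dropped.
function decodeBcryptB64(text, byteLen) {
  const out = new Uint8Array(byteLen);
  let acc = 0, bits = 0, n = 0;
  for (const ch of text) {
    const v = B64.indexOf(ch);
    if (v < 0) throw new Error("invalid bcrypt base64 character: " + ch);
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8 && n < byteLen) {
      bits -= 8;
      out[n++] = (acc >> bits) & 0xff;
      acc &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return out;
}

// Split "$<version>$<cost>$<22-char salt><31-char hash>" into its fields.
function parseBcrypt(str) {
  const m = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/.exec(str);
  if (!m) throw new Error("not a 60-character bcrypt string");
  const [, version, cost, salt, hash] = m;
  return {
    version,                                 // e.g. "2a"
    cost: Number(cost),                      // log2 of the key expansion rounds
    rounds: 2 ** Number(cost),
    salt,                                    // 22 chars encoding 16 bytes
    hash,                                    // 31 chars encoding 23 bytes
    saltPrefix: str.slice(0, 29),            // what the issue calls "generated salt"
    saltBytes: decodeBcryptB64(salt, 16),
    hashBytes: decodeBcryptB64(hash, 23),
  };
}

// The two strings quoted in this thread.
const fromIssue = parseBcrypt("$2a$10$JIKvm/G2VB60Vug8m3T8Du600ViyznayfU2miNjxFEXHP5qOxPpiy");
const fromWiki = parseBcrypt("$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy");
console.log(fromIssue.saltPrefix, fromIssue.hash);
console.log(fromWiki.cost, fromWiki.rounds, fromWiki.salt, fromWiki.hash);
```

A verifier needs the version, cost and salt to recompute the hash for a candidate password, which is why they travel in the same string as the hash.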

adanvdo commented 5 years ago

Ah, I see. Well, if they designed it that way then I guess there is no issue. I ended up just using crypto anyways.