Closed ryoung2512 closed 5 years ago
I believe the hashSync does generate a salt each time within their code. I've we're still using the same version of bcrypt.
However, if we're changing this we might want to look at using the LDAP instead of generating passwords at all.
If you want to change this or take this on please do.
Closing this issue, as bcrypt handles this.
Currently, we are using bcrypt and just one salt across all passwords to store passwords in the database. We should be randomly generating a salt each time someone makes a password and using that. This is a security issue. Is there any particular reason this design decision was made?
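A bcrypt hash string carries its salt in the 22 characters after the cost field, so whether one salt is shared across passwords can be checked directly from the stored values. The following is an added example, not code from this project: the function names, row shape, and sample hashes are assumptions constructed for illustration.

```javascript
// Added example: audit stored bcrypt hashes for salt reuse.
// bcrypt modular-crypt layout: $<version>$<cost>$<22-char salt><31-char digest>
const BCRYPT_RE =
  /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Split a stored hash into its fields; returns null if it is not bcrypt-shaped.
function parseBcrypt(hash) {
  const m = BCRYPT_RE.exec(hash);
  if (!m) return null;
  return { version: m[1], cost: Number(m[2]), salt: m[3], digest: m[4] };
}

// Group users by embedded salt and report any salt that appears more than once.
// `rows` is a hypothetical export of { user, hash } pairs from the user table.
function auditSalts(rows) {
  const bySalt = new Map();
  const malformed = [];
  for (const { user, hash } of rows) {
    const parsed = parseBcrypt(hash);
    if (!parsed) {
      malformed.push(user); // not a bcrypt hash: review separately
      continue;
    }
    if (!bySalt.has(parsed.salt)) bySalt.set(parsed.salt, []);
    bySalt.get(parsed.salt).push(user);
  }
  const reused = [...bySalt.entries()]
    .filter(([, users]) => users.length > 1)
    .map(([salt, users]) => ({ salt, users }));
  return { reused, malformed, distinctSalts: bySalt.size };
}

// Constructed sample rows (placeholder salts and digests, not real bcrypt output).
const saltA = "abcdefghijk".repeat(2); // 22 chars
const saltB = "ABCDEFGHIJK".repeat(2); // 22 chars
const SAMPLE_ROWS = [
  { user: "alice", hash: "$2b$10$" + saltA + "x".repeat(31) },
  { user: "bob", hash: "$2b$10$" + saltA + "y".repeat(31) },
  { user: "carol", hash: "$2b$10$" + saltB + "z".repeat(31) },
  { user: "dave", hash: "not-a-bcrypt-hash" },
];

const report = auditSalts(SAMPLE_ROWS);
console.log(JSON.stringify(report, null, 2));
```

If every password had been hashed with one fixed salt, the audit would return a single `reused` entry listing all users; per-call salt generation yields one distinct salt per row.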