meel-hd closed 1 year ago
It is by design. The first part of the hash, separated by a period (.), is the salt, which is randomly generated and combined with the input and then passed to bcrypt to generate a hash. This makes sure you have different hashes for the same input to prevent a class of attacks called rainbow-table attacks, where the attacker has a large number of pre-calculated hashes against well-known passwords. Using a random salt forces the attacker to brute-force every password.
In case you need to generate the same hash for identical input, pass the second argument with a random string or the value returned by genSaltSync. However, please don't do it for a system which protects passwords. IT IS HIGHLY INSECURE FOR PROTECTING PASSWORDS.
I have node v16.17.1.
My usage: console.log(hashSync('1234', 8))
The output was: $2b$10$yRdmeNoCj9qJfervSXmOb.ctOP9tj9QBztcA122hSM3XpGdBwC5SG
When I run the script again with the same input I got this output: $2b$10$0hbMM9JRCacNqfLo5O2gCOsixnPSNzWOfg/NiMuAollQDkbJzCJUm
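To see which fields differ between the two outputs quoted in this thread, here is an added example (not code from the library or from either poster) that splits a bcrypt string into its parts. It assumes the standard 60-character bcrypt layout, `$<version>$<cost>$` followed by a 22-character salt and a 31-character digest; `parseBcryptHash` and `compareHashes` are hypothetical helper names.

```javascript
// Added example: field-level parser for bcrypt hash strings.
// Assumption: standard layout $<version>$<cost>$<22-char salt><31-char digest>,
// where salt and digest use the bcrypt base64 alphabet ./A-Za-z0-9.
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

function parseBcryptHash(hash) {
  const m = BCRYPT_RE.exec(String(hash).trim());
  if (!m) return null;                        // not a well-formed bcrypt string
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null;     // bcrypt cost factor is limited to 4..31
  return { version: m[1], cost, salt: m[3], digest: m[4] };
}

// Report which fields two stored hashes share and which differ.
function compareHashes(a, b) {
  const pa = parseBcryptHash(a);
  const pb = parseBcryptHash(b);
  if (!pa || !pb) return { valid: false };
  return {
    valid: true,
    sameVersion: pa.version === pb.version,
    sameCost: pa.cost === pb.cost,
    sameSalt: pa.salt === pb.salt,
    sameDigest: pa.digest === pb.digest,
  };
}

// The two outputs reported in the thread for the same input '1234'.
const first = '$2b$10$yRdmeNoCj9qJfervSXmOb.ctOP9tj9QBztcA122hSM3XpGdBwC5SG';
const second = '$2b$10$0hbMM9JRCacNqfLo5O2gCOsixnPSNzWOfg/NiMuAollQDkbJzCJUm';

console.log(parseBcryptHash(first));
console.log(parseBcryptHash(second));
console.log(compareHashes(first, second));
```

Both strings carry the same version and cost but different salts, which is why the digests differ. Because the salt is stored in the string, a verifier re-hashes the candidate password with the salt and cost read from the stored value instead of generating a fresh hash and comparing strings.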