Closed FC5570 closed 1 year ago
Using v18.5.0 of nodejs, on windows 11.
bcrypt.compare seems to always return true when long strings are compared such as JWTs.
For example:
const bcrypt = require('bcrypt'); const TOKEN_1 = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJqb2huLmRvZUBlbWFpbC5jb20iLCJyb2xlcyI6IlVTRVIiLCJpYXQiOjE2ODE0ODIxNTcsImV4cCI6MTY4NDA3NDE1N30.OXxHzjSnOyGqwnWSkqUs7mKyBpubvJpXdFXCbZuxwyI'; const TOKEN_2 = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJqb2huLmRvZUBlbWFpbC5jb20iLCJyb2xlcyI6IlVTRVIiLCJpYXQiOjE2ODE0OTMxNzEsImV4cCI6MTY4NDA4NTE3MX0.ltXNdyJbigSjjMu_g0pSTc0vQ5s9ncut78F2FiuKn5Q'; (async () => { const hash = await getIdToken(); console.log(`Hash: ${hash}`) const matches = await bcrypt.compare(TOKEN_2, hash); console.log(`Matches: ${matches}`) })(); async function getIdToken() { const salt = await bcrypt.genSalt(10); const hash = await bcrypt.hash(TOKEN_1, salt); return hash }
As you can see, the two tokens look almost identical, but are actually different. However, the comparison always returns true.
This is what is logged:
What seems to be the issue?
Closing as the issue has already been addressed.
Using v18.5.0 of nodejs, on windows 11.
bcrypt.compare seems to always return true when long strings are compared such as JWTs.
For example:
As you can see, the two tokens look almost identical, but are actually different. However, the comparison always returns true.
This is what is logged:![image](https://user-images.githubusercontent.com/68158483/232117924-acc9524a-ddaa-445e-8686-87fea963ffad.png)
What seems to be the issue?