kelektiv / node.bcrypt.js

bcrypt for NodeJs
MIT License
7.4k stars 512 forks

compare is always true for long strings #984

Closed FC5570 closed 1 year ago

FC5570 commented 1 year ago

Using v18.5.0 of Node.js, on Windows 11.

bcrypt.compare seems to always return true when long strings are compared such as JWTs.

For example:

const bcrypt = require('bcrypt');

// Two JWTs that share the same header and the start of the same payload.
const TOKEN_1 = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJqb2huLmRvZUBlbWFpbC5jb20iLCJyb2xlcyI6IlVTRVIiLCJpYXQiOjE2ODE0ODIxNTcsImV4cCI6MTY4NDA3NDE1N30.OXxHzjSnOyGqwnWSkqUs7mKyBpubvJpXdFXCbZuxwyI';
const TOKEN_2 = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJqb2huLmRvZUBlbWFpbC5jb20iLCJyb2xlcyI6IlVTRVIiLCJpYXQiOjE2ODE0OTMxNzEsImV4cCI6MTY4NDA4NTE3MX0.ltXNdyJbigSjjMu_g0pSTc0vQ5s9ncut78F2FiuKn5Q';

(async () => {
    // Hash TOKEN_1, then compare TOKEN_2 against that hash.
    const hash = await getIdToken();

    console.log(`Hash: ${hash}`);

    const matches = await bcrypt.compare(TOKEN_2, hash);

    console.log(`Matches: ${matches}`);
})();

// Salt and hash TOKEN_1 with a cost factor of 10.
async function getIdToken() {
    const salt = await bcrypt.genSalt(10);
    const hash = await bcrypt.hash(TOKEN_1, salt);

    return hash;
}

As you can see, the two tokens look almost identical, but are actually different. However, the comparison always returns true.

This is what is logged: [image]

What seems to be the issue?

FC5570 commented 1 year ago

Closing as the issue has already been addressed.