kelektiv / node.bcrypt.js

bcrypt for NodeJs
MIT License
7.38k stars 510 forks

Bcrypt generates same hashes for the different input #996

Closed Viktor-the-great closed 11 months ago

Viktor-the-great commented 11 months ago

What went wrong? Bcrypt generates the same hashes for input strings with the same start (more than 71 symbols)

    const bcrypt = require('bcrypt');

    const salt = bcrypt.genSaltSync(10);
    // 71 identical characters plus one differing character: 72 bytes in total
    let token1 = Array.from({ length: 71 }).reduce((res) => res + '_', '') + '1';
    let token2 = Array.from({ length: 71 }).reduce((res) => res + '_', '') + '2';
    console.log(bcrypt.hashSync(token1, salt) === bcrypt.hashSync(token2, salt)) // false

    // 72 identical characters plus one differing character: the difference is in byte 73
    token1 = Array.from({ length: 72 }).reduce((res) => res + '_', '') + '1';
    token2 = Array.from({ length: 72 }).reduce((res) => res + '_', '') + '2';
    console.log(bcrypt.hashSync(token1, salt) === bcrypt.hashSync(token2, salt)) // true

What did you expect to happen? Bcrypt generates different hashes for different input with the same start

Which version of nodejs and OS? nodejs v18.12.1 / Ubuntu 20.04.6 LTS

recrsn commented 11 months ago

Bcrypt as per specification uses only the first 72 bytes of the input.
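
An added example, not part of the thread or of the node.bcrypt.js code: it models the 72-byte truncation described above (counting UTF-8 bytes, not characters) and shows two ways a caller can keep long inputs from colliding before they reach bcrypt. All function and constant names are hypothetical, the sample inputs are constructed, and the bcrypt module itself is not called.

```javascript
const { createHash } = require('crypto');

// Limit stated in the thread: bcrypt uses only the first 72 bytes of its input.
const BCRYPT_MAX_BYTES = 72;

// Length as bcrypt sees it: UTF-8 bytes, not JavaScript string length.
function bcryptInputBytes(secret) {
  return Buffer.byteLength(secret, 'utf8');
}

// Model of the truncation: the bytes that can still influence the hash.
function effectiveInput(secret) {
  return Buffer.from(secret, 'utf8').subarray(0, BCRYPT_MAX_BYTES);
}

// True when two different secrets share the same first 72 bytes.
function collideUnderBcrypt(a, b) {
  return a !== b && effectiveInput(a).equals(effectiveInput(b));
}

// Mitigation 1: refuse input whose tail would be silently ignored.
function assertFitsBcrypt(secret) {
  const n = bcryptInputBytes(secret);
  if (n > BCRYPT_MAX_BYTES) {
    throw new RangeError(`input is ${n} bytes; bcrypt ignores bytes after ${BCRYPT_MAX_BYTES}`);
  }
  return secret;
}

// Mitigation 2: compress the whole input to 44 printable base64 characters,
// then pass that string to bcrypt at both hash and compare time.
function prehashForBcrypt(secret) {
  return createHash('sha256').update(secret, 'utf8').digest('base64');
}

// Constructed sample inputs mirroring the issue's tokens.
const SAMPLE_A = '_'.repeat(72) + '1';
const SAMPLE_B = '_'.repeat(72) + '2';
// 36 two-byte characters reach the limit at a string length of only 36.
const SAMPLE_C = '\u00e9'.repeat(36) + '1';
const SAMPLE_D = '\u00e9'.repeat(36) + '2';

console.log(collideUnderBcrypt(SAMPLE_A, SAMPLE_B));
console.log(collideUnderBcrypt(SAMPLE_C, SAMPLE_D));
console.log(prehashForBcrypt(SAMPLE_A) === prehashForBcrypt(SAMPLE_B));
```

Base64 output is used for the pre-hash because it is printable and contains no NUL bytes; whichever mitigation is chosen has to be applied identically when the hash is created and when it is verified.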