nhost / hasura-auth

Authentication for Hasura.
https://nhost.io
MIT License
376 stars, 111 forks

Hash is salted using a constant #411

Closed mmmmillar closed 1 year ago

mmmmillar commented 1 year ago

https://github.com/nhost/hasura-auth/blob/44c7d9e1abb7a0d80189f792692fc3bda4ca9aa9/src/utils/password.ts#L8C38-L8C38

Password hashes are currently salted using a constant value: matching passwords across different databases are going to share the same hash.

dbarrosop commented 1 year ago

I don't think your assessment is correct but feel free to correct me if I am wrong. Based on the library's documentation:

https://www.npmjs.com/package/bcryptjs#hashs-salt-callback-progresscallback

if the salt is a number, it auto-generates a salt of that length.

mmmmillar commented 1 year ago

My bad! Thanks for the correction.