security - Why is the hash generated by BCrypt non-deterministic


I've worked with a number of different hashing algorithms in the past, and was under the impression that they were deterministic.

I switched some of my code to use BCrypt.Net, and I have to admit I was stumped when some of my comparison tests failed.

After looking for errors in my test for an embarrassing amount of time, I realized my assumption that hashes are deterministic was incorrect. There is a Verify method which works, so it was easy enough to fix my code, but I'd like to understand what is going on a little bit better.

Is it salting the values internally, or is something else going on?


  • Please note that I am salting in my real code - this is a test

"Is it salting the values internally"

Yep. BCrypt is more than a raw hash function; it includes a salt and a few other bits that allow the hash to be validated without any other input:

$2a$12$q6r.mpvzpruszrwlgardlos04kpcjk0sycdelrzes9o8.unlhon.u
 ^^ ^^ ^^^^^^^^^^^^^^^^^^^^^^
 |  |  \- salt
 |  \---- work factor
 \------- format

The API you're using doesn't expose it, and you don't need to manipulate the salt, but it's there, and you don't need to add your own.
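The layout in the answer above, as an added example that is not part of the original post: `parse_bcrypt` splits a bcrypt string into the labelled fields, and `toy_hash` / `toy_verify` (hypothetical names, using PBKDF2 from the Python standard library as a stand-in, not bcrypt itself) show why an embedded random salt makes hashing non-deterministic while verification still works.

```python
import base64, hashlib, hmac, os, re

# Layout of a bcrypt string: $<format>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

def parse_bcrypt(encoded):
    """Split a bcrypt string into the fields the answer's diagram labels."""
    m = BCRYPT_RE.match(encoded)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    fmt, cost, salt, digest = m.groups()
    return {"format": fmt, "work_factor": int(cost),
            "salt": salt, "digest": digest}

# Stand-in scheme (PBKDF2-HMAC-SHA256, NOT bcrypt) built on the same idea:
# the output string carries its own cost parameter and a fresh random salt.
def toy_hash(password, iterations=100_000, salt=None):
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    b64 = lambda b: base64.b64encode(b).decode()
    return f"$toy${iterations}${b64(salt)}${b64(dk)}"

def toy_verify(password, encoded):
    """Re-derive with the salt and cost stored in `encoded`, then compare."""
    _, scheme, iterations, salt_b64, _ = encoded.split("$")
    if scheme != "toy":
        raise ValueError("unknown scheme")
    expected = toy_hash(password, int(iterations), base64.b64decode(salt_b64))
    return hmac.compare_digest(expected, encoded)  # constant-time compare

if __name__ == "__main__":
    # The hash string exactly as it appears on this page.
    page = "$2a$12$q6r.mpvzpruszrwlgardlos04kpcjk0sycdelrzes9o8.unlhon.u"
    print(parse_bcrypt(page))
    a, b = toy_hash("hunter2"), toy_hash("hunter2")  # constructed password
    print(a != b, toy_verify("hunter2", a), toy_verify("hunter2", b))
```

Comparing two hash strings for equality fails for the same reason the tests in the question did; comparison has to go through the verify function so the stored salt is reused.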

