security - Why is the hash generated by BCrypt non-deterministic
I've worked with a number of different hashing algorithms in the past, and was under the impression they were deterministic.
I switched code to use BCrypt.Net, and I have to admit I was stumped when my comparison tests failed.
After looking for errors in my test for an embarrassing amount of time, I realized my assumption that hashes are deterministic was incorrect. There is a Verify method that works, and it was easy enough to fix the code, but I'd like to understand what is going on a little bit better.
Is it salting the values internally, or is something else going on?
- Please note I am salting in my real code, just not in the test.
> Is it salting the values internally
Yep. BCrypt is more than a raw hash function; it includes a salt and a few other bits to allow the hash to be validated without additional input:
    $2a$12$q6r.mpvzpruszrwlgardlos04kpcjk0sycdelrzes9o8.unlhon.u
     ^^ ^^ ^^^^^^^^^^^^^^^^^^^^^^
     |  |  \- salt
     |  \---- work factor
     \------- format
The API you're using doesn't expose it, so you don't need to manipulate the salt, but it's there, and you don't need to add your own.
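An added example, not part of the original answer and not BCrypt.Net code: `parse_bcrypt` splits the string from the diagram above into its labelled fields, and `demo_hash` / `demo_verify` show why two hashes of one password differ while verification still succeeds. The `demo_*` functions and the `$demo$` format are hypothetical and use PBKDF2 from the Python standard library as a stand-in for bcrypt's key derivation.

```python
import hashlib
import hmac
import os
import re

# bcrypt string layout: $<format>$<work factor>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

def parse_bcrypt(stored):
    """Split a bcrypt string into the fields the answer's diagram labels."""
    m = BCRYPT_RE.match(stored)
    if not m:
        raise ValueError("not a bcrypt hash string")
    fmt, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:
        raise ValueError("work factor out of range")
    return {"format": fmt, "work_factor": int(cost),
            "salt": salt, "digest": digest}

def demo_hash(password, cost=12, salt=None):
    """Stand-in hashing call (PBKDF2, not bcrypt): random salt unless given."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 2 ** cost)
    # Salt and cost travel inside the output, as they do in a bcrypt string.
    return f"$demo${cost:02d}${salt.hex()}${dk.hex()}"

def demo_verify(password, stored):
    """Stand-in verify: reuse the salt and cost embedded in the stored value."""
    _, _, cost, salt_hex, _ = stored.split("$")
    candidate = demo_hash(password, int(cost), bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    # The hash string exactly as it appears on this page.
    page_hash = "$2a$12$q6r.mpvzpruszrwlgardlos04kpcjk0sycdelrzes9o8.unlhon.u"
    print(parse_bcrypt(page_hash))
    # Constructed sample password: same input, two different outputs.
    first, second = demo_hash("sample-password"), demo_hash("sample-password")
    print("string-equal:", first == second)
    print("verify:", demo_verify("sample-password", first))
```

A test that compares two freshly generated hashes with string equality fails for the reason shown here; the comparison has to go through the verify call, which recomputes with the stored salt.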