Comments (3)
I have time on my hands so here is a little comparison with ncb000gt module. It demonstrate that the two modules don't give the same results. This is problematic as one may want to make sure that the implementation of bcrypt is correct in the module one uses.
/*jslint node: true, indent: 4, stupid: true */
var bcrypt = require('bcrypt'),
bcrypt_nodejs = require('bcrypt-nodejs'),
salt = '$2a$05$0000000000000000000000',
pw,
hash,
hash_nodejs;
pw = 'ThisIsAPassword';
console.log('----- Using latin password: \"' + pw + '\" -----');
console.log('Password length in bytes: ' + Buffer.byteLength(pw));
hash = bcrypt.hashSync(pw, salt);
hash_nodejs = bcrypt_nodejs.hashSync(pw, salt);
console.log('Hash with ncb000gt / node.bcrypt.js :\n\t ' + hash);
console.log('Hash with shaneGirish / bcrypt-nodejs:\n\t ' + hash_nodejs);
console.log((hash === hash_nodejs) ? 'PASSED' : 'FAILED');
pw = '\u6e2f';
console.log('----- Using utf-8 password: \"' + pw + '\" -----');
console.log('Password length in bytes: ' + Buffer.byteLength(pw));
hash = bcrypt.hashSync(pw, salt);
hash_nodejs = bcrypt_nodejs.hashSync(pw, salt);
console.log('Hash with ncb000gt / node.bcrypt.js :\n\t ' + hash);
console.log('Hash with shaneGirish / bcrypt-nodejs:\n\t ' + hash_nodejs);
console.log((hash === hash_nodejs) ? 'PASSED' : 'FAILED');
I don't know yet how to submit a patch so I'll work on that next, but for the moment, here is a fix which make the above code pass both tests.
function hashpw(password, salt, progress) {
...
// Old code
// for (var r = 0; r < password.length; r++) {
// passwordb.push(getByte(password.charAt(r)));
// }
//
// New working code.
var buf = new Buffer(password);
for (var r = 0; r < buf.length; r++) {
passwordb.push(buf[r]);
}
from bcrypt-nodejs.
I proposed a correction in #4, including a unit test demonstrating that the change works.
from bcrypt-nodejs.
The proposed correction was merged in. Closing this issue.
from bcrypt-nodejs.
Related Issues (20)
- Error while installing HOT 1
- node-gyp is required? HOT 1
- Did you plan a release?
- bcrypt compare returns false all the time HOT 4
- Error: global leak detected: lr HOT 7
- Salt in final hash result HOT 1
- Latest version is not published HOT 3
- package.json license field
- The link to github in package.json is wrong HOT 1
- Callback required error when hashing with 3 params HOT 2
- Use strict mode not working HOT 3
- RHEL6 wont compile no c++11 available HOT 2
- npm links to wrong repository HOT 9
- Maybe a CompareSync Bug HOT 6
- Standardized license HOT 3
- Rounds not optional in bcrypt.genSalt function HOT 1
- Not a valid BCrypt hash.
- hashSync broken, "TypeError: salt.charAt is not a function" HOT 2
- "Octal literal in strict mode" error in Webpack HOT 1
- Please mark the npm package / this project as deprecated HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bcrypt-nodejs.