theRemix revised this gist
Jan 27, 2020 . 2 changed files with 13 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -23,3 +23,11 @@ const incorrectPassword = 'incorrect passphrase' bcrypt.compare(incorrectPassword, saltedHash, (err, result) => { console.log('incorrect password entered, checked against database, result:', result) }) const myTruncatedPlaintextPassword = 'a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_'; console.log('truncated password length', myTruncatedPlaintextPassword.length) bcrypt.compare(myTruncatedPlaintextPassword, saltedHash, (err, result) => { console.log('correct truncated password entered, checked against database, result:', result) console.log('bcrypt truncates passphrase to 72 before evaluating, this still passes even though the passphrase is not the full original passphrase') }) This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -2,6 +2,9 @@ // node bcrypt-example.js password length 225 truncated password length 177 correct password entered, checked against database, result: true bcrypt salted hash: $2b$10$nXz7zH8vE0GHlXxJNPFfUuA1lTnWhumYyyfw.MAz7pCDCmDQlSUi2 incorrect password entered, checked against database, result: false correct truncated password entered, checked against database, result: true bcrypt truncates passphrase to 72 before evaluating, this still passes even though the passphrase is not the full original passphrase -
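Review bot: The log message added at the end of the new `bcrypt.compare` callback says the passphrase is truncated "to 72" without a unit; the limit is 72 bytes of the encoded string, so a passphrase containing multi-byte characters is cut at fewer than 72 characters. I would word it as `'bcrypt only uses the first 72 bytes of the passphrase, so any input sharing that prefix verifies'`. The callback also ignores `err`, so a failed compare would print `result: undefined` instead of surfacing the error; `if (err) throw err;` as its first line fixes that, and the same applies to the `bcrypt.hash` callback and the two `bcrypt.compare` callbacks in the original revision. A comment above `myTruncatedPlaintextPassword` saying that an application should reject passwords longer than 72 bytes, or pre-hash and text-encode them before bcrypt, would tell readers what to do about the behaviour being demonstrated.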
theRemix created this gist
Jan 26, 2020 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,25 @@ const bcrypt = require('bcrypt'); const saltRounds = 10; const myPlaintextPassword = 'a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_'; console.log('password length', myPlaintextPassword.length) // auto generate salt and hash bcrypt.hash(myPlaintextPassword, saltRounds, (err, hash) => { // Store hash in your password DB. console.log('bcrypt salted hash:', hash) }); // check password against hash stored in db // pretend this is in db const saltedHash = '$2b$10$qJ03iNNJ9E0TXGPc8tstjODGbcHiWiMB3jh4rQQcmwNRp3pKp.11G' bcrypt.compare(myPlaintextPassword, saltedHash, (err, result) => { console.log('correct password entered, checked against database, result:', result) }) const incorrectPassword = 'incorrect passphrase' bcrypt.compare(incorrectPassword, saltedHash, (err, result) => { console.log('incorrect password entered, checked against database, result:', result) }) This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,7 @@ // npm i -S bcrypt // node bcrypt-example.js password length 225 bcrypt salted hash: $2b$10$gkrTdLYrgFveM0.0.ecV2.nrUQ75UyzYNvytyjT.ISmQuKzasN60i incorrect password entered, checked against database, result: false correct password entered, checked against database, result: true
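Review bot: The `saltedHash` literal under "pretend this is in db" is a value from some earlier run, not the `hash` that `bcrypt.hash` produces a few lines above, and nothing in the file says so. Because the salt is random, each run prints a different hash, and the recorded output indeed shows one that differs from the literal. A comment such as `// hash from a previous run; bcrypt.hash() generates a new salt each time, so the value logged above will differ` would prevent readers from assuming the two are linked. The three bcrypt calls are asynchronous and unchained, so the log order is not meaningful (the recorded output has the "incorrect" line before the "correct" one), which also deserves a one-line comment. A short comment on `saltRounds = 10` stating that it is the bcrypt cost factor and should be tuned to the deployment's hardware would help anyone copying the example.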