New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support of $2y$ prefixed password in compare functions #849
Comments
Is it feasible for you to replace y with b? It is compatible with b |
That what I did in a local variable before invoking the compare function but I consider this as a hack and I'd prefer having 2y supported natively by the library . |
Encountered this myself matching against some passwords in a database that were generated by legacy PHP code I'm trying to replace. I was able to work around the lack of matching const user = /* fetch user from DB */
const hashPass = /^\$2y\$/.test(user.password) ? '$2a$' + user.password.slice(4) : user.password
const match = await bcrypt.compare(clearPass, hashPass)
if (match) { /* login */ } But I'd rather just be able to pass the Since there are tools today that generate |
Ran into this issue today and after reading the native code it seems like this is more a implementation decision rather than a personal preference. At the salt header check node.bcrypt.js/src/bcrypt_node.cc Lines 29 to 38 in 11d2ddd
The reason why it didn't support |
Hi,
We have to support user's accounts from a legacy php-based system that encrypts passwords in bcrypt but with a$2y$ prefix.
Can it be possible to support this prefix in the compare and compareSync function assuming it is compatible with 2b ?
Regards,
The text was updated successfully, but these errors were encountered: