I have an encrypted password with bcrypt. I want to check if the user input password exists in the DB.I am using mongoDB. How do I need to check that ? I need to encrypt the input password with the original salt and check if the pattern exists in the DB? if so how do I retrieve the salt? And If the salt is so easy to be retrieved what is the point of it from the outset?
Asked
Active
Viewed 201 times
0
-
On a point of clarity, bcrypt is not an encryption algorithm, it is a one way hashing algorithm. Changing the word "encrypted" to "hashed" would be more accurate. – root Mar 23 '20 at 01:11
-
What is the difference? Can you answer my question also please? – MD10 Mar 23 '20 at 06:33
-
1See https://stackoverflow.com/a/55904/2282634 – Joe Mar 23 '20 at 11:47
-
still dont understand how to check if the password exists in the DB if the salt always changes and hashing the input will give me different result because of the salt – MD10 Mar 23 '20 at 13:22
1 Answers
0
If you see a string in the database of the form:
$2a$12$tEKPayfQg.iLSLU5OqIeZOjQWe0r6ju7Bh8/WNa7u0sHNg214dptm
That is bcrypt.
Ian Boyd
- 246,734
- 253
- 869
- 1,219