I have made many research but I could not figure out if we have a BCrypt Hash for example this hash :
$2a$12$XPC20niJIhZPxaKvJkSUfO/rwIetoScCze.tOcVS/aJzowvjpCPlq
can I create or generate a matching hash for this one.
Asked
Active
Viewed 492 times
0
Aymen B'm
- 1
- 1
-
Yes, using the same password and the same salt you'll get the same hash. – President James K. Polk Feb 18 '22 at 12:38
-
so without knowing the password and the tow hash generated with the same password but different salt I can not compare them! – Aymen B'm Feb 18 '22 at 12:49
-
@AymenB'm - This is why the salt is part of the password-hash string, it can be extracted from there for comparison, see this [answer](https://stackoverflow.com/a/20399775/575765). Most password-hash libraries provide a function similar to `passwordVerify()` which does the comparison for you. – martinstoeckli Feb 23 '22 at 07:39