emilbayes/secure-password

Using toString('hex') or toString('base64') on the resulting buffer always generates the same string

Closed this issue · 4 comments

This library seems to return the same exact buffer when I hash a password:

```
> var secure = require('secure-password')
undefined
> var pwd = secure()
undefined
> pwd.hash(Buffer.from('foo'), (_, b) => console.log(b))
undefined
> <Buffer 24 61 72 67 6f 6e 32 69 24 76 3d 31 39 24 6d 3d 33 32 37 36 38 2c 74 3d 34 2c 70 3d 31 24 5a 6c 75 57 68 78 4c 75 54 71 6f 61 6c 75 58 5a 52 33 31 50 ... >
> pwd.hash(Buffer.from('foo'), (_, b) => console.log(b))
undefined
> <Buffer 24 61 72 67 6f 6e 32 69 24 76 3d 31 39 24 6d 3d 33 32 37 36 38 2c 74 3d 34 2c 70 3d 31 24 55 52 49 6e 6f 31 62 71 39 73 50 37 73 46 74 4f 4f 56 71 73 ... >
> pwd.hash(Buffer.from('asdsdsdsdsd'), (_, b) => console.log(b))
undefined
> <Buffer 24 61 72 67 6f 6e 32 69 24 76 3d 31 39 24 6d 3d 33 32 37 36 38 2c 74 3d 34 2c 70 3d 31 24 77 33 6e 6b 6c 48 54 4e 36 48 6c 6b 38 59 33 32 41 34 4a 47 ... >
> pwd.hash(Buffer.from('foobar'), (_, b) => console.log(b.toString('base64')))
> JGFyZ29uMmkkdj0xOSRtPTMyNzY4LHQ9NCxwPTEkTi9QbkZpN0M4Z3RlYUtha2hWbHNQdyRlaDd1WTc4dGlndHF2ZVlRWmlub1V4LytIMWZwaFNQdG1WMUs2bkpWWThzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
> pwd.hash(Buffer.from('foo'), (_, b) => console.log(b.toString('base64')))
undefined
> JGFyZ29uMmkkdj0xOSRtPTMyNzY4LHQ9NCxwPTEkMk9mam5DbFAvTHN1OExxVGJVWVpadyQyNjh0MXdnNkp5blhaM3RnUDZZR1JVeFdGYTZDditvbWJrR3B0eFNQb1U4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
```

Or it does not, but if I convert this to a base64 string, all the strings are identical.

How do you recommend storing the hashed password?

Never mind, I can't read.

I should write some better docs! The hashes are actually ASCII safe and you can read off the parameters in that format. What tripped you up was all the first bytes being the same parameters for your passwords ^^

Yeah, I probably should have eaten breakfast and not drunk 3 cups of coffee at the same time.

Knowing they're ASCII safe is awesome. Thank you!
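What the reply above describes, as an added example that is not from the thread or from secure-password: it decodes the two base64 strings printed in the issue, cuts the text at the first NUL byte, and reads the Argon2 parameters, salt and digest out of the ASCII string. `parseEncodedHash` and `commonPrefix` are hypothetical helper names, and the field layout assumed is the standard Argon2 encoded-hash string.

```javascript
// Added example. The two base64 values are copied from the issue above
// (hashes of 'foobar' and 'foo'); the helper names are hypothetical.
const SAMPLE_FOOBAR = 'JGFyZ29uMmkkdj0xOSRtPTMyNzY4LHQ9NCxwPTEkTi9QbkZpN0M4Z3RlYUtha2hWbHNQdyRlaDd1WTc4dGlndHF2ZVlRWmlub1V4LytIMWZwaFNQdG1WMUs2bkpWWThzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=';
const SAMPLE_FOO = 'JGFyZ29uMmkkdj0xOSRtPTMyNzY4LHQ9NCxwPTEkMk9mam5DbFAvTHN1OExxVGJVWVpadyQyNjh0MXdnNkp5blhaM3RnUDZZR1JVeFdGYTZDditvbWJrR3B0eFNQb1U4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=';

// Longest shared leading substring of two strings.
function commonPrefix(a, b) {
  let i = 0;
  while (i < a.length && i < b.length && a[i] === b[i]) i++;
  return a.slice(0, i);
}

// Parse "$alg$v=N$m=..,t=..,p=..$salt$hash" out of a NUL-padded buffer.
function parseEncodedHash(buf) {
  const end = buf.indexOf(0); // the ASCII string stops at the first NUL byte
  const text = buf.toString('ascii', 0, end === -1 ? buf.length : end);
  const parts = text.split('$');
  if (parts.length !== 6 || parts[0] !== '') {
    throw new Error('not an Argon2 encoded hash string');
  }
  const [, algorithm, versionField, paramField, salt, hash] = parts;
  const params = Object.fromEntries(
    paramField.split(',').map((kv) => kv.split('=')).map(([k, v]) => [k, Number(v)])
  );
  return {
    text,
    algorithm,
    version: Number(versionField.slice(2)), // drop "v="
    memoryKiB: params.m,
    iterations: params.t,
    parallelism: params.p,
    salt: Buffer.from(salt, 'base64'), // random per hash, so it differs
    digest: Buffer.from(hash, 'base64'),
  };
}

const a = parseEncodedHash(Buffer.from(SAMPLE_FOOBAR, 'base64'));
const b = parseEncodedHash(Buffer.from(SAMPLE_FOO, 'base64'));
console.log('shared text prefix:  ', commonPrefix(a.text, b.text));
console.log('shared base64 prefix:', commonPrefix(SAMPLE_FOOBAR, SAMPLE_FOO));
console.log('parameters:', a.algorithm, a.version, a.memoryKiB, a.iterations, a.parallelism);
console.log('salts equal?', a.salt.equals(b.salt));
```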