nodejs - how to compare two hashes password of bcrypt
Hello, I need some help with this issue. I searched for a solution and have not found one yet.
I want to compare 2 password hashes made with bcrypt from the same password. How do I do it?
For example:
I have these 2 password hashes that came from the same password in bcrypt:
```javascript
var password = 'E@Js#07Do=U$';
var hash1 = '$2a$10$fKAyjaG0pCkisZfRpKsBxursD6QigXQpm1TaPBDZ4KhIZRguYPKHe';
var hash2 = '$2a$10$mgApOcRIp7RSK3lRIIlQ5e/GjVFbxAFytGAEc0Bo17..r8v2pPR22';
// that's not working for me
bcrypt.compare(passwordHash, userPasswordLoginHash, function(err, isMatch) {
  if (err) throw err;
  if (isMatch) {
    console.log('correct password!');
  }
  callback(null, isMatch);
});
```
How can I compare them, to determine that they came from the same password, using the bcryptjs npm package?
Solution 1:[1]
"With bcrypt lib you compare plain text password to the one hashed using the same lib."
The problem is with a microservices architecture, that is very insecure. If I have a front end passing an unhashed password to the backend, the unhashed password is getting logged (possibly in multiple places) before it gets compared against the hash in the DB on the system backend.
Solution 2:[2]
With bcrypt lib you compare plain text password to the one hashed using the same lib.
Say you hashed a password:
```javascript
const bcrypt = require('bcryptjs');
const saltRounds = 10; // cost factor; matches the $10$ in the hashes above

const myPlaintextPassword = 'E@Js#07Do=U$';
bcrypt.hash(myPlaintextPassword, saltRounds, function(err, hash) {
  // Store hash in your password DB.
  // example output, taking your hash
  // hash = $2a$10$fKAyjaG0pCkisZfRpKsBxursD6QigXQpm1TaPBDZ4KhIZRguYPKHe
});
```
You compare like:
```javascript
const bcrypt = require('bcryptjs');

// db query, get hashed password, found hash
const hash = '$2a$10$fKAyjaG0pCkisZfRpKsBxursD6QigXQpm1TaPBDZ4KhIZRguYPKHe';
// User input again:
const myPlaintextPassword = 'E@Js#07Do=U$';
bcrypt.compare(myPlaintextPassword, hash, function(err, res) {
  // res is true as the original password is the same
  // res == true
});
```
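An added example (not part of the original answers, and not bcryptjs's own code): it parses the two hash strings quoted in the question to show that each carries its own salt, which is why the strings differ and why passing a hash where `compare` expects the plaintext cannot match. The function names `parseBcryptHash`, `sameParameters` and `diagnoseCompareArgs` are hypothetical; the code only inspects the string format and does not call bcryptjs.

```javascript
// Added example. Layout of a bcrypt hash string:
//   $<version>$<cost>$<22-char salt><31-char digest>   (bcrypt's own base64 alphabet)
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/;

// Split a hash string into its fields; returns null for anything that is not a bcrypt hash.
function parseBcryptHash(value) {
  const m = typeof value === 'string' ? BCRYPT_RE.exec(value) : null;
  return m ? { version: m[1], cost: Number(m[2]), salt: m[3], digest: m[4] } : null;
}

// Hashes of one password are string-identical only when version, cost and salt all match.
function sameParameters(hashA, hashB) {
  const a = parseBcryptHash(hashA);
  const b = parseBcryptHash(hashB);
  if (!a || !b) throw new TypeError('both arguments must be bcrypt hashes');
  return a.version === b.version && a.cost === b.cost && a.salt === b.salt;
}

// Pre-flight check for a compare(candidate, stored) call (hypothetical helper):
// the first argument must be the plaintext, the second the stored hash.
function diagnoseCompareArgs(candidate, stored) {
  if (!parseBcryptHash(stored)) return 'stored value is not a bcrypt hash';
  if (parseBcryptHash(candidate)) {
    return 'candidate is a bcrypt hash, expected the plaintext password';
  }
  return 'ok';
}

// Values quoted in the question.
const hash1 = '$2a$10$fKAyjaG0pCkisZfRpKsBxursD6QigXQpm1TaPBDZ4KhIZRguYPKHe';
const hash2 = '$2a$10$mgApOcRIp7RSK3lRIIlQ5e/GjVFbxAFytGAEc0Bo17..r8v2pPR22';

console.log(parseBcryptHash(hash1)); // fields of the first hash
console.log(parseBcryptHash(hash2)); // same version and cost, different salt
console.log(sameParameters(hash1, hash2));
console.log(diagnoseCompareArgs(hash1, hash2));          // the call shape from the question
console.log(diagnoseCompareArgs('E@Js#07Do=U$', hash1)); // the call shape from Solution 2
```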
Solution 3:[3]
For a bit of extra security you can encrypt the password in the front-end and decrypt and compare in the back-end.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | TLL |
| Solution 2 | 1565986223 |
| Solution 3 | 5skr0ll3r |
