
Bcryptjs (JavaScript package) does not work for long values


I am using bcryptjs to hash passwords and some other data (all strings). The problem is, when the value of my hashed variable goes over a certain length, bcryptjs compares only the first 71 characters.

Bcrypt in the code represents the bcryptjs module:

const bcrypt = require("bcryptjs");

Then I made a random 140 char long string, and hashed it:

const generatedToken = `asdawvuirtienberyntrooniyuetnryuuweyrtwqertynt9ryw954t867q35vb9yupeo8iu798n87vq76t5tvr657tfodgiutiyun98w47ywb6n6e678aretuybaert6yae87br6ta87`;
const hashedToken = await bcrypt.hash(generatedToken, 12);

Then I set a new variable to only the first 75 characters of my generated token, compare the two, and log the result:

const insertedToken = "asdawvuirtienberyntrooniyuetnryuuweyrtwqertynt9ryw954t867q35vb9yupeo8iu798"
const comparisonResult = await bcrypt.compare(insertedToken, hashedToken);
console.log(comparisonResult);

And I get true. I even get true if, after the first 75 characters, there is more that doesn't match:

const insertedToken = "asdawvuirtienberyntrooniyuetnryuuweyrtwqertynt9ryw954t867q35vb9yupeo8iu798 RANDOM TEXT THAT DOES NOT MATCH"

But if only the first 71 characters match, I finally get false. So this method is only viable for variables less than 71 characters.

Is this on bcryptjs? Should I use something else, or am I simply using it wrong?


Solution

  • Just to include the answer here: bcryptjs has a limit of 72 characters when it comes to hashing; anything after that gets ignored.

    As a small note, it's the hashing that has the limit, not .compare; anything after the 71st character gets totally ignored while hashing a string.
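
The truncation described in the answer, and one common way to keep long tokens distinct, as an added example that is not code from the original post or from the bcryptjs project. The helper names and the sample token are constructed for illustration; the limit is taken as 72 bytes of UTF-8 input, as in bcrypt itself.

```javascript
const crypto = require("crypto");

// bcrypt only uses the first 72 bytes of its input (bytes, not characters).
const BCRYPT_MAX_BYTES = 72;

// The bytes bcrypt actually consumes: UTF-8 encode, then cut at the limit.
function bcryptEffectiveInput(value) {
  return Buffer.from(value, "utf8").subarray(0, BCRYPT_MAX_BYTES);
}

// True when part of the value would be silently ignored while hashing.
function isTruncatedByBcrypt(value) {
  return Buffer.byteLength(value, "utf8") > BCRYPT_MAX_BYTES;
}

// True when bcrypt cannot tell the two inputs apart, so compare() would
// accept either one against a hash of the other.
function indistinguishableToBcrypt(a, b) {
  return bcryptEffectiveInput(a).equals(bcryptEffectiveInput(b));
}

// Mitigation: pre-hash with SHA-256 and base64-encode the digest.
// The result is always 44 ASCII characters, so every input byte influences
// what bcrypt sees. Base64 is used instead of the raw digest because a raw
// digest can contain NUL bytes, which some bcrypt implementations stop at.
function prehashForBcrypt(value) {
  return crypto.createHash("sha256").update(value, "utf8").digest("base64");
}

// Constructed sample data: a 144-character token and a variant that shares
// only its first 72 characters.
const token = "t0k3n-".repeat(24);
const forged = token.slice(0, 72) + " RANDOM TEXT THAT DOES NOT MATCH";

console.log("token truncated:", isTruncatedByBcrypt(token));
console.log("same to bcrypt, raw:", indistinguishableToBcrypt(token, forged));
console.log(
  "same to bcrypt, pre-hashed:",
  indistinguishableToBcrypt(prehashForBcrypt(token), prehashForBcrypt(forged))
);

// With bcryptjs, as used in the question, the pre-hash goes on both sides:
//   const hashed = await bcrypt.hash(prehashForBcrypt(token), 12);
//   const ok = await bcrypt.compare(prehashForBcrypt(candidate), hashed);
```

Hashes stored before the pre-hash was introduced were computed over the raw value, so they will not verify against pre-hashed input and have to be regenerated.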