Is there a need to store bcrypt salt?
I'm confused with bcrypt, I would think I would need to store my salt, and then compare my plain text password + salt to the hashed password, however from documentation it does not look like storing the salt is necessary at all. Indeed I used this code to create salt and hashed password: let salt = await bcrypt.genSalt(10);
const saltpasshash = await new Promise((resolve, reject) => {
bcrypt.hash(plain_text_password, salt, function(err, hash) {
if (err) reject(err)
resolve(hash)
});
})
//NOTE I SAVE saltpasshash as users pass and the salt in a separate field in the users table. This works, what I am confused about is, will it return a valid result if I compare it as follows: valid = await bcrypt.compare(plain_text_password, user.saltpasshash); I'm confused as to why this would be valid when I am not providing the salt, and if so, what's the need to store the salt at all?
From a description of bcrypt at Wikipedia: ... The rest of the hash string includes the cost parameter, a 128-bit salt (Radix-64 encoded as 22 characters), and 184 bits of the resulting hash value (Radix-64 encoded as 31 characters) Thus, the bcrypt salt is automatically included in the output string which means there is no need to add it by yourself.