Node-red-contrib-bcrypt - Password hashing

It's well-established that running the command-line password hash utility will give a different hash each time; eg,

https://discourse.nodered.org/t/hashing-password

But the node-red-contrib-bcrypt node seems to give the same hash each time:

(From the example provided at node-red-contrib-bcrypt (node) - Node-RED)

Is this expected?

That is a known issue with that node:

You should add to the existing GitHub issue. However the node hasn’t been updated in three years so it may be abandoned.

3 Likes

Hi Paul,
Yes indeed the genSaltSync (see here) should be called - in this particular use case - for every input message...

1 Like

Thanks, @BartButenaers & @zenofmud.

There is a solution proposed in that GitHub issue - how would I apply that to what's installed in my Node-RED (on Raspberry Pi) ?

You could edit the code and make the change. On the Pi, do a

cd $HOME/.node-red/node_modules/node-red-contib-bcrypt/bcrypt

you could then use nano, or vi or another editor to edit the bcrypt.js file. Make the change and save it, then stop and restart NR and see if it fixed the issue.

2 Likes

or try installing directly from the Github branch of the person that forked the original node and did the patch.
not the cleanest way .. unless someone contacts them again to release a new node

from .node-red folder

npm install martenjacobs/node-red-contrib-bcrypt#patch-1


Source of the list of commands

1 Like

Actually, the author has just done an update - v0.1.3 does now give a different hash each time:

3 Likes

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.