Password

[wendysmithwilliams]

Hi there!

We have been using userspice 4 for our website and have been working with an application developer to create an app. We need the users to be able to log into the app and the website using the same credentials.

The developer is asking me for a salt key and hash key for the password encryption, and I'm unable to find these anywhere.

Can you help please?

Many thanks, Wendy

[dan]

We use standard bcrypt with a hashing difficulty of 12.

[dan]

We use standard bcrypt with a hashing difficulty of 12.

[mohsin]

Hi
Every time when we are passing same string for hashing it returns us different results our concern is to get same hashing for same string every time.

[dan]

Bcrypt is purposely not deterministic which means that entering the same password over and over again will give you different results. That is a good thing with password hashing. If you noticed that both of the default user accounts have the same password of password but when you look at them in the database they look completely different. This means that if someone was able to hack one password in the database they would not automatically have the key to all the rest of the passwords.