Whenever I ran compareSync(password, passwordHash) I would see the error:

Invalid salt revision

This is the code in the library bcrypt-nodejs:
    minor = salt.charAt(2);
    if (minor != 'a' || salt.charAt(3) != '$')
        throw "Invalid salt revision";
    off = 4;
That means it is looking for the letter a in the index 2 position. I checked the password hash and saw that all of mine started with $2b. What is the difference between $2a and $2b? It's a long story that includes many other $2<letter> versions, but long story short, researchers may discover bugs in implementations and will use this lettering to distinguish between older and newer implementations.
So bcrypt-nodejs is old.

bcrypt-nodejs is no longer maintained - DO NOT USE IT

Instead use bcryptjs.

Ask your users to create new passwords OR, if you haven't launched, create new passwords using bcryptjs.
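As an added example (not code from bcrypt-nodejs or bcryptjs), the JavaScript below audits a list of stored hashes and reports which ones a verifier with the $2a-only check quoted above would reject. The function names and the sample hash strings are constructed for illustration; it assumes the usual 60-character bcrypt layout of prefix, two-digit cost, 22-character salt and 31-character digest.

```javascript
// Added example: classify stored bcrypt hashes by their revision prefix.
// The hash strings used here are constructed placeholders, not real hashes.

// "$2" + optional minor letter + "$" + 2-digit cost + "$" + 53 chars of
// bcrypt's base64 alphabet (22-char salt followed by 31-char digest).
const BCRYPT_RE = /^\$2([abxy])?\$(\d{2})\$([./A-Za-z0-9]{53})$/;

// Parse a hash string into its fields, or return null if it is malformed.
function parseBcryptHash(hash) {
  if (typeof hash !== 'string') return null;
  const m = BCRYPT_RE.exec(hash);
  if (!m) return null;
  const cost = parseInt(m[2], 10);
  if (cost < 4 || cost > 31) return null; // bcrypt's valid cost range
  return {
    revision: '2' + (m[1] || ''),
    cost,
    salt: m[3].slice(0, 22),
    digest: m[3].slice(22),
  };
}

// Mirrors the check quoted above: index 2 must be 'a' and index 3 must be '$'.
function passesStrict2aCheck(hash) {
  return hash.charAt(2) === 'a' && hash.charAt(3) === '$';
}

// Sort hashes into: accepted by the $2a-only check, well-formed but rejected
// because of the revision letter, and malformed.
function auditHashes(hashes) {
  const report = { accepted: [], rejectedRevision: [], malformed: [] };
  for (const h of hashes) {
    const parsed = parseBcryptHash(h);
    if (!parsed) report.malformed.push(h);
    else if (passesStrict2aCheck(h)) report.accepted.push(parsed.revision);
    else report.rejectedRevision.push(parsed.revision);
  }
  return report;
}

// Constructed sample input: three well-formed hashes and one truncated one.
const body = 'A'.repeat(53);
const SAMPLE = ['$2a$10$' + body, '$2b$12$' + body, '$2y$10$' + body, '$2b$12$short'];
console.log(auditHashes(SAMPLE));
```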