Hi all,
I’m trying to understand how meteor stores the passwords in the mongodb. I read the docs but I couldn’t find an answer to my question.
When I create a new user through my app which is a Telescope app, there is created a new user with bcrypt field which is actually the password. However, I can not generate the same bcrypt hash with any of the bcrypt clients. So I can not match the password outside of the app. However, telescope can log me in with that newly generated user’s account. Telescope uses meteor accounts so it’s appropriate to ask this audience.
Here is an example:
password: paylasio12345
telescope generated a hash like this: $2a$10$4PjF7Wz/9W3hcQy.c8DabuUQnDTD8gL3C9VTSPj5dZP.oBOvGRxGq
When I try in some random bcrypt calculator I can not generate the same hash even though I use the same salt, algorithm version and cost factor.
Here is a screenshot:
Here is my trials with python client (results are also same in npm js bcrypt client which is used in meteor):
import bcrypt
bcrypt.hashpw(‘paylasio12345’, ‘$2a$10$4PjF7Wz/9W3hcQy.c8DabuUQnDTD8gL3C9VTSPj5dZP.oBOvGRxGq’)
‘$2a$10$4PjF7Wz/9W3hcQy.c8DabumHygPYe2kQuvObxUHw0G53SJe9Zf6Si’
As you can see, I can not generate the same hash again for the same password.
Could anybody show me a way to achieve this?
Thanks.