Node.bcrypt.js: Wrong error message being thrown when salt rounds value is a string

Created on 18 Jul 2016  路  1Comment  路  Source: kelektiv/node.bcrypt.js

Noticed this when I was reading the salt rounds value from an environment variable, which is returned as a string.

bcrypt.hashSync(str, '10') throws the error "Error: Invalid salt. Salt must be in the form of: $Vers$log2(NumRounds)$saltvalue"

bcrypt.genSaltSync('10') throws the error "Error: rounds must be a number"

I believe the error for genSaltSync should probably be the error thrown in hashSync for the same input of a string value for the rounds.

Using node 6.3.0.

picture geuis
👍2

Most helpful comment

Nah. The error your seeing in hashSync is because you need to supply the salt, not the rounds.

However, we should probably allow genSaltSync to accept a string and just check if the value is NaN, then throw/return an error. Alternatively, you could just parseInt() the env variable.

picture ncb000gt on 13 Oct 2016
👍4

>All comments

Nah. The error your seeing in hashSync is because you need to supply the salt, not the rounds.

However, we should probably allow genSaltSync to accept a string and just check if the value is NaN, then throw/return an error. Alternatively, you could just parseInt() the env variable.

ncb000gt picture ncb000gt on 13 Oct 2016
👍4
Was this page helpful?
0 / 5 - 0 ratings

Related issues

CMatias picture CMatias  路  4Comments
summertong picture summertong  路  5Comments
jferrettiboke picture jferrettiboke  路  4Comments
japita-se picture japita-se  路  4Comments
olsnacky picture olsnacky  路  4Comments