undefined | Better HN

0 pointsGormanFletcher5y ago0 comments

The external auth service's API would receive textual input (expecting a string read from a textbox), not binary. A hash that included null bytes would output those in hex as ASCII zeroes, which wouldn't cause the same problem when the external service received the value.

0 comments

1 comments · 1 top-level

jlokier5y ago

And that is, in fact, how you should perform a hash before bcrypt as well.

bcrypt accepts text input, not binary.

So if you use a pre-hash, you pass the hex or base64 output from the hash to bcrypt.

j / k navigate · click thread line to collapse