I just added registration functionality to my new Grails project. To test it, I registered by giving an email and a password. I am using the bcrypt algorithm for hashing t
A BCrypt hash includes a salt, and as a result this algorithm returns different hashes for the same input. Allow me to demonstrate it in Ruby.
```
> require 'bcrypt'
> p = BCrypt::Password.create "foobar"
=> "$2a$10$DopJPvHidYqWVKq.Sdcy5eTF82MvG1btPO.81NUtb/4XjiZa7ctQS"
> r = BCrypt::Password.create "foobar"
=> "$2a$10$FTHN0Dechb/IiQuyeEwxaOCSdBss1KcC5fBKDKsj85adOYTLOPQf6"
> p == "foobar"
=> true
> r == "foobar"
=> true
```
Consequently, BCrypt cannot be used for finding users in the way presented in your example. An alternative unambiguous field should be used instead, e.g. the user's name or e-mail address.
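The following is an added example, not part of the original answer: it parses the two hashes printed above to show where the salt sits in the string, why a lookup by a freshly computed hash finds nothing, and what a lookup by e-mail hands to the verifier. The `USERS` table, the e-mail address and the helper names are constructed for illustration; no hashing is performed, only the standard bcrypt string layout is parsed.

```ruby
# Layout of a bcrypt string: $<version>$<cost>$<22-char salt><31-char digest>
BcryptFields = Struct.new(:version, :cost, :salt, :digest)

BCRYPT_RE = %r{\A\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}

def parse_bcrypt(hash)
  m = BCRYPT_RE.match(hash) or raise ArgumentError, "not a bcrypt hash"
  BcryptFields.new(m[1], m[2].to_i, m[3], m[4])
end

# The two hashes of "foobar" shown in the answer above.
HASH_P = "$2a$10$DopJPvHidYqWVKq.Sdcy5eTF82MvG1btPO.81NUtb/4XjiZa7ctQS"
HASH_R = "$2a$10$FTHN0Dechb/IiQuyeEwxaOCSdBss1KcC5fBKDKsj85adOYTLOPQf6"

# Constructed user table: one registered user whose stored hash is HASH_P.
USERS = { "alice@example.com" => HASH_P }

# Broken lookup: hash the submitted password again and search for an equal
# stored value. fresh_hash stands for the result of a new create call, which
# carries a new random salt and therefore never equals the stored string.
def find_by_password_hash(users, fresh_hash)
  users.key(fresh_hash)
end

# Working lookup: find the row by the unambiguous field (e-mail), then hand
# the stored hash to the verifier. The settings prefix returned here is the
# part of the stored string the verifier reuses to recompute the digest.
def verification_input(users, email)
  stored = users[email] or return nil
  f = parse_bcrypt(stored)
  { stored: stored, settings: format('$%s$%02d$%s', f.version, f.cost, f.salt) }
end

if __FILE__ == $PROGRAM_NAME
  puts "salt in p: #{parse_bcrypt(HASH_P).salt}"
  puts "salt in r: #{parse_bcrypt(HASH_R).salt}"
  puts "lookup by fresh hash: #{find_by_password_hash(USERS, HASH_R).inspect}"
  puts "lookup by e-mail:     #{verification_input(USERS, 'alice@example.com')[:settings]}"
end
```

With the bcrypt gem loaded, the final check on the row found by e-mail is the same comparison the answer shows: `BCrypt::Password.new(stored) == "foobar"`.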