What are Salt Rounds and how are Salts stored in Bcrypt?
Salt is included in hash only and we need not to remember while comparing.
var myPlaintextPassword='Saifio';
var saltRounds = 10;
const hash = bcrypt.hashSync(myPlaintextPassword, saltRounds);
$2b$10$nOUIs5kJ7naTuTFkBy1veuK0kSxUFXfuaOKdOKf9xYT0KKIGSJwFa
| | | | | | | hash-value = K0kSxUFXfuaOKdOKf9xYT0KKIGSJwFa | | | | | salt = nOUIs5kJ7naTuTFkBy1veu | | | cost-factor = 10 = 2^10 iterations | hash-algorithm = 2b = BCrypt
- With "salt round" they actually mean the cost factor. The cost factor controls how much time is needed to calculate a single BCrypt hash. The higher the cost factor, the more hashing rounds are done. Increasing the cost factor by 1 doubles the necessary time. The more time is necessary, the more difficult is brute-forcing.
- The salt is a random value, and should differ for each calculation, so the result should hardly ever be the same, even for equal passwords.
- The salt is usually included in the resulting hash-string in readable form. So with storing the hash-string you also store the salt. Have a look at this answer for more details.