It's not exactly that random. The hashed string generated after salting contains the salt itself. If you look at the hashed string closely, you'll see that the string is delimited by 3 $'s. $2b$10$uuIKmW3Pvme9tH8qOn/H7uZqlv9ENS7zlIbkMvCSDIv7aup3WNH9W
$2b -> bcrypt version
$10 -> salt rounds
First 22 remaining characters (uuIKmW3Pvme9tH8qOn/H7u) -> generated salt.
So now using these information, when we do bcrypt.compare and pass the hashed string and plain text, bcrypt hashes the plain text again using the salt above, and then compare if it is same with the hashed string passed to the compare function.
I hope that cleared your doubt.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
It's not exactly that random. The hashed string generated after salting contains the salt itself. If you look at the hashed string closely, you'll see that the string is delimited by 3 $'s.
$2b$10$uuIKmW3Pvme9tH8qOn/H7uZqlv9ENS7zlIbkMvCSDIv7aup3WNH9W
$2b -> bcrypt version
$10 -> salt rounds
First 22 remaining characters (uuIKmW3Pvme9tH8qOn/H7u) -> generated salt.
So now using these information, when we do
bcrypt.compare
and pass the hashed string and plain text, bcrypt hashes the plain text again using the salt above, and then compare if it is same with the hashed string passed to the compare function.I hope that cleared your doubt.