What are Salt Rounds and how are Salts stored in Bcrypt?

Question

I\'m trying to configure Bcrypt for a node app that I\'m making and have several questions about salts that I hope someone here can help kindly answer.

• What

Answer 1

Salt is included in hash only and we need not to remember while comparing.

var myPlaintextPassword='Saifio';  
var saltRounds = 10;   
const hash = bcrypt.hashSync(myPlaintextPassword, saltRounds);


$2b$10$nOUIs5kJ7naTuTFkBy1veuK0kSxUFXfuaOKdOKf9xYT0KKIGSJwFa

| | | | | | | hash-value = K0kSxUFXfuaOKdOKf9xYT0KKIGSJwFa | | | | | salt = nOUIs5kJ7naTuTFkBy1veu | | | cost-factor = 10 = 2^10 iterations | hash-algorithm = 2b = BCrypt

Answer 2

1. With "salt round" they actually mean the cost factor. The cost factor controls how much time is needed to calculate a single BCrypt hash. The higher the cost factor, the more hashing rounds are done. Increasing the cost factor by 1 doubles the necessary time. The more time is necessary, the more difficult is brute-forcing.
2. The salt is a random value, and should differ for each calculation, so the result should hardly ever be the same, even for equal passwords.
3. The salt is usually included in the resulting hash-string in readable form. So with storing the hash-string you also store the salt. Have a look at this answer for more details.