Reputation: 2674
In my Phoenix project, I am using:
{:comeonin, "~> 4.0"},
{:bcrypt_elixir, "~> 0.12.0"},
I see a lot of examples of user creation/authentication in which Comeonin.Bcrypt.hashpwsalt(password) is called with one argument. However, when I run this, or add_hash() from iex, it seems like the outputs are indeterministic:
iex(10)> password = Comeonin.Bcrypt.hashpwsalt("password")
"$2b$12$QUL1ytej8UqTvpU34E2oieshgOonf0RRZI0nva6T3HlK2RQ2JT74O"
iex(11)> password = Comeonin.Bcrypt.hashpwsalt("password")
"$2b$12$jz3sb5rLrmdHVRr7Nvq0te9He0Wt00DYy4kM.t9LFp6ZSx.siovJC"
iex(12)> password = Comeonin.Bcrypt.add_hash("password")
%{password: nil,
password_hash: "$2b$12$4Ih30p4LbNk5LQStMDtah.ht0AQSO8mhhfCUeRQlFSNuI9vEgKI/q"}
iex(13)> password = Comeonin.Bcrypt.add_hash("password")
%{password: nil,
password_hash: "$2b$12$92oe9Ccovrwi1GuHK5Zo3uaxbQEXEvgyqEx6o4tsW2J8TEsc/LrtS"}
Why does this occur, and how can I guarantee a deterministic hash from a given input?
Upvotes: 1
Views: 300
Reputation: 1349
hashpwsalt generates a random salt each time, so the resulting hash is going to be different every time. This is the recommended way of generating a password hash. You then use check_pass or checkpw for checking if a password matches the stored hash. If for some reason you want to get the same hash, you can use the library directly. For an example, see here:
https://github.com/riverrun/bcrypt_elixir/blob/master/lib/bcrypt.ex#L84
Can't think of a reason you would want to do this, though. It's more likely that you're making a mistake.
Upvotes: 2
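The random salt the answer describes is stored inside the hash string itself, which is why checkpw can verify a password even though every hashpwsalt call returns a different value. The following is an added example, not code from the post or from Comeonin: a dependency-free Python parser for the bcrypt string layout, run on the first two hashes from the question's iex session. The function names are made up for this illustration.

```python
import base64
import re

# bcrypt uses its own base64 alphabet; map it onto the standard one to decode.
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
TO_STD = str.maketrans(BCRYPT_B64, STD_B64)

# Layout: $<version>$<cost>$<22-char salt><31-char digest>
HASH_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)


def _decode(field):
    """Decode an unpadded bcrypt-base64 field to raw bytes."""
    padded = field.translate(TO_STD) + "=" * (-len(field) % 4)
    return base64.b64decode(padded)


def parse_bcrypt(stored):
    """Split a stored bcrypt hash into version, cost, salt and digest."""
    match = HASH_RE.fullmatch(stored)
    if match is None:
        raise ValueError("not a bcrypt hash string")
    version, cost, salt, digest = match.groups()
    return {
        "version": version,
        "cost": int(cost),
        "salt": salt,
        "salt_bytes": _decode(salt),      # 16 random bytes per hash
        "digest_bytes": _decode(digest),  # 23 bytes derived from password + salt
    }


def differs_only_by_salt(a, b):
    """True when two hashes share version and cost but carry different salts."""
    pa, pb = parse_bcrypt(a), parse_bcrypt(b)
    same_params = (pa["version"], pa["cost"]) == (pb["version"], pb["cost"])
    return same_params and pa["salt"] != pb["salt"]


# The two hashpwsalt("password") outputs shown in the question.
HASH_1 = "$2b$12$QUL1ytej8UqTvpU34E2oieshgOonf0RRZI0nva6T3HlK2RQ2JT74O"
HASH_2 = "$2b$12$jz3sb5rLrmdHVRr7Nvq0te9He0Wt00DYy4kM.t9LFp6ZSx.siovJC"

if __name__ == "__main__":
    for stored in (HASH_1, HASH_2):
        parts = parse_bcrypt(stored)
        print(parts["version"], parts["cost"], parts["salt"])
    print("same parameters, different salt:", differs_only_by_salt(HASH_1, HASH_2))
```

Both hashes use version 2b and cost 12; only the embedded salt differs, and the verifier reads that salt back out of the stored string when checking a password.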