About DefaultPasswordHasher


#1

The character string of the execution result of DefaultPasswordHasher always has the following character string at the beginning. ("$ 2y $ 10 $")
Is this a security problem?
(Does the hash method are inferred from this character string?)


#2

No, that is the normal behaviour.


#3

Its part of bcrypt


#4

Thank you for your reply.
I would like to ask you additional questions, do you normally store the results in the database as is, or do you store them after deleting the first character string ("$ 2y $ 10 $")?
When deleting, Auth-> identify () will result in an error, but how can we handle it?


#5

I save the hash as is