bcrypt ident old? #7666
Description
Proposed change
I am writing/extending an ansible playbook to setup a NATS cluster. While the authorization token can be stored as bcrypt the token is required in plaintext when specifying the cluster routes. So I now store the password for token generation in plaintext and generate the bcrypt using {{ nats_auth_token_clear | ansible.builtin.password_hash(hashtype="bcrypt") }}
This generally works. However, I noticed that this will output a token that starts with $2b$ while nats server passwd will always generate tokens starting with $2a$.
Some research lead me to this https://stackoverflow.com/a/36225192/757509 posting stating that the identifiers for bcrypt are all the same essentially, but still mentions errornous implementations of the past.
I am not really sure what to do about all this. Maybe you should switch to $2b$ at least. Nevertheless it should at least be mentioned somewhere that/why you are using $2a$.
PS: for now I am using {{ nats_auth_token_clear | ansible.builtin.password_hash(hashtype="bcrypt", ident="2a") }} to get tokens starting with $2a$
Use case
prevent consfusion/uncertainty
Contribution
no