I generated the hashed password and stored it in my db. In the incoming request I checked my plain input password against the hashed password in the db. For example, if my input password is XXXX and I add some characters in the middle, then the bcrypt compare method returns false. But if I add some characters at the end of my input password, the bcrypt compare method returns true. Please help me understand why this happens.
*Per bcrypt implementation, only the first 72 bytes of a string are used. Any extra bytes are ignored when matching passwords. Note that this is not the first 72 characters. It is possible for a string to contain less than 72 characters while taking up more than 72 bytes (e.g. a UTF-8 encoded string containing emojis).*
Your input is 74 bytes. So when you add an extra character in the middle, it actually changes the input and it returns false. But extra characters at the end are just ignored.
You can check the length with the code below:
let ans = Buffer.byteLength("kw^#Ko38Q7GusXjd%L?
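
The truncation described in this answer, modelled with Node's `Buffer` as an added example that is not part of the original answer and does not call the bcrypt library itself. The function names and sample passwords are constructed for illustration; the length check is one way to refuse over-long input before hashing or comparing.

```javascript
// Model of the documented limit: only the first 72 bytes of the UTF-8 input are used.
const BCRYPT_MAX_BYTES = 72;

// The bytes that take part in hashing and comparison.
function effectiveInput(password) {
  return Buffer.from(password, 'utf8').subarray(0, BCRYPT_MAX_BYTES);
}

// True when two different strings would be treated as the same password.
function sameUnderTruncation(a, b) {
  return effectiveInput(a).equals(effectiveInput(b));
}

// Check to run at registration and at login: reject over-long input
// instead of letting the tail be dropped silently.
function validatePasswordLength(password) {
  const bytes = Buffer.byteLength(password, 'utf8');
  return { bytes, ok: bytes <= BCRYPT_MAX_BYTES };
}

// Constructed sample values (not the password from the question).
function demo() {
  const stored = '0123456789'.repeat(7) + 'abcd';                  // 74 bytes
  const appended = stored + '!!';                                  // added at the end
  const inserted = stored.slice(0, 10) + '!!' + stored.slice(10);  // added in the middle
  const tailEdit = stored.slice(0, 73) + 'Z';                      // byte 74 changed
  const emoji = '\u{1F512}'.repeat(19);                            // 19 code points, 4 bytes each
  return {
    storedCheck: validatePasswordLength(stored),
    appendedMatches: sameUnderTruncation(stored, appended),
    insertedMatches: sameUnderTruncation(stored, inserted),
    tailEditMatches: sameUnderTruncation(stored, tailEdit),
    emojiCodePoints: [...emoji].length,
    emojiCheck: validatePasswordLength(emoji),
    emojiTailIgnored: sameUnderTruncation(emoji, '\u{1F512}'.repeat(18)),
  };
}

console.log(demo());
```
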