From a0f640c1e293e5cf92e568f97a368146c6d1197e Mon Sep 17 00:00:00 2001 From: Gabriel Lopes Veiga Date: Mon, 6 Nov 2023 19:59:13 -0300 Subject: [PATCH] Add string encoding to README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 059aa3a..e923108 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ gyp ERR! stack Error: "pre" versions of node cannot be installed, use the --node ## Security Issues And Concerns -> Per bcrypt implementation, only the first 72 bytes of a string are used. Any extra bytes are ignored when matching passwords. Note that this is not the first 72 *characters*. It is possible for a string to contain less than 72 characters, while taking up more than 72 bytes (e.g. a UTF-8 encoded string containing emojis). +> Per bcrypt implementation, only the first 72 bytes of a string are used. Any extra bytes are ignored when matching passwords. Note that this is not the first 72 *characters*. It is possible for a string to contain less than 72 characters, while taking up more than 72 bytes (e.g. a UTF-8 encoded string containing emojis). If a string is provided, it will be encoded using UTF-8. As should be the case with any security tool, anyone using this library should scrutinise it. If you find or suspect an issue with the code, please bring it to the maintainers' attention. We will spend some time ensuring that this library is as secure as possible.