bug in checking salt length is fixed

README.md

@@ -60,7 +60,7 @@ const fastify = require('fastify')({ logger: false })
 
 fastify.register(require('./'), {
   secret: 'averylogphrasebiggerthanthirtytwochars',
-  salt: 'mq9hDxBVDbspDR6nLfFT1g==',
+  salt: 'mq9hDxBVDbspDR6n',
   cookie: {
     // options from setCookie, see https://github.com/fastify/fastify-cookie
   }

index.js

@@ -6,25 +6,23 @@ const kObj = Symbol('object')
 
 module.exports = fp(function (fastify, options, next) {
   var key
+  var salt
   if (options.secret) {
     if (Buffer.byteLength(options.secret) < 32) {
       return next(new Error('secret must be at least 32 bytes'))
     }
 
     key = Buffer.allocUnsafe(sodium.crypto_secretbox_KEYBYTES)
-
-    // static salt to be used for key derivation, not great for security,
-    // but better than nothing
-    var salt = 'mq9hDxBVDbspDR6nLfFT1g=='
+    salt = Buffer.alloc(sodium.crypto_pwhash_SALTBYTES)
 
     if (options.salt) {
-      salt = options.salt
+      salt = Buffer.from(options.salt, 'ascii')
+    } else {
+      sodium.randombytes_buf(salt)
     }
 
-    salt = Buffer.from(salt, 'base64')
-
     if (Buffer.byteLength(salt) !== sodium.crypto_pwhash_SALTBYTES) {
-      return next(new Error('salt must be length 24'))
+      return next(new Error('salt must be length ' + sodium.crypto_pwhash_SALTBYTES))
     }
 
     sodium.crypto_pwhash(key,