When using has_secure_password
in Rails 3.1, bcrypt randomly generates a salt for each user's password. Based on this response, I understand the salt is stored as part of the password hash. Is there a method or attribute available to access that salt separately, for example to use in writing secure cookies?
You'll be able to get the salt and checksum if you need it.
gem install bcrypt-ruby
irb
require 'bcrypt'
hash = BCrypt::Password.create 'superpass'
=> "$2a$10$DtjuZD6nJtrBRLEySlSVm.bJyBMhEhVRAeiVk/GjmQdBNf7WhmDWi"
hash.salt
=> "$2a$10$DtjuZD6nJtrBRLEySlSVm."
hash.checksum
"bJyBMhEhVRAeiVk/GjmQdBNf7WhmDWi"
hash == "starbucks"
=> false
hash == "superpass"
=> true
Your salt and checksum will vary.
More info: https://github.com/codahale/bcrypt-ruby
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With