Menu
Hey so I was using Rails for my app but now I'm migrating to ReactJs + Node.
I cannot discover how Devise encrypted the password so I can send the request from my frontend to my backend.
I'm using Postgres for my db.
904
If you're using Rails to build your application, you can use Devise, a gem which is designed to make authentication easy. Fortunately, Devise has been used in production applications for years. It's known to be secure.
The result of bcrypt achieves core properties of a secure password function as defined by its designers: It's preimage resistant. The salt space is large enough to mitigate precomputation attacks, such as rainbow tables. It has an adaptable cost.
Devise is using bcrypt gem for encryption (https://github.com/codahale/bcrypt-ruby), you can also look at how Devise is doing it here: https://github.com/plataformatec/devise/blob/f39c6fd92774cb66f96f546d8d5e8281542b4e78/lib/devise/encryptor.rb
For more details on the algorithm, you can look here: https://github.com/codahale/bcrypt-ruby/blob/master/lib/bcrypt/password.rb
Hope that helps
70
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
