I want to use has_secure_password to store encrypted passwords in the database. I can't find on the internet if has_secure_password uses any form of salting. If it uses salting, how does it work? Can anyone clarify this for me?
Thijs
bcrypt provides a password-hashing algorithm that allows us to add secure authentication to our Rails sites. A hash algorithm takes data (in this case, a password) and hashes it using an algorithm. A password hash combines a user's password with a piece of random data known as salt.
bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD project for hashing passwords. The bcrypt Ruby gem provides a simple wrapper for safely handling passwords.
has_secure_password uses bcrypt-ruby. bcrypt-ruby automatically handles the storage and generation of salts for you. A typical hash from bcrypt-ruby looks like this: $2a$10$4wXszTTd7ass8j5ZLpK/7.ywXXgDh7XPNmzfIWeZC1dMGpFghd92e. This hash is split internally using the following function:
    def split_hash(h)
      _, v, c, mash = h.split('$')            # "", version, cost, salt+digest
      # version, cost as an integer, the 29-char salt prefix, the 31-char digest
      return v, c.to_i, h[0, 29].to_str, mash[-31, 31].to_str
    end
For the example hash this function yields:

    ["2a", 10, "$2a$10$4wXszTTd7ass8j5ZLpK/7.", "ywXXgDh7XPNmzfIWeZC1dMGpFghd92e"]

that is, the version, the cost, the salt (with its $2a$10$ prefix) and the digest.
The == method of BCrypt::Password extracts the salt and applies it to the passed string:

    BCrypt::Password.create('bla') == 'bla' # => true
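To make the salt handling concrete, here is an added example that is not code from the answer above or from bcrypt-ruby itself. It parses a stored bcrypt string into its version, cost, salt and digest (the same split bcrypt-ruby performs), uses the embedded cost to decide whether a row needs rehashing, and shows the verification step as a small function that feeds the extracted salt back into the engine. The constants and function names (BCRYPT_RE, parse_bcrypt, needs_rehash?, secure_equal?, verify_with_gem, SAMPLE) are this example's own; the sample hash is the one quoted in the answer. Only the parsing and rehash check need the Ruby standard library; verify_with_gem uses the bcrypt gem when it is installed and returns nil otherwise.

```ruby
# Added example, not code from the answer above or from bcrypt-ruby: parse a
# bcrypt hash the way split_hash does, read the work factor out of it, and
# (when the bcrypt gem is installed) verify a password by feeding the stored
# salt back into the engine. Parsing and the rehash check need only the stdlib.

# Modular-crypt layout: $<version>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = %r{\A\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}

# Returns {version:, cost:, salt:, digest:} or nil when the string is not a
# well-formed bcrypt hash. :salt is the 29-character prefix (the same value as
# h[0, 29] in split_hash), which is exactly what the engine needs to recompute.
def parse_bcrypt(stored)
  m = BCRYPT_RE.match(stored.to_s)
  return nil unless m
  version, cost, salt, digest = m.captures
  {
    version: version,
    cost: cost.to_i,
    salt: "$#{version}$#{cost}$#{salt}",
    digest: digest
  }
end

# The work factor travels with the hash, so rows hashed with a cost below the
# current minimum can be found and rehashed at the user's next login.
def needs_rehash?(stored, min_cost)
  parts = parse_bcrypt(stored)
  parts.nil? || parts[:cost] < min_cost
end

# Byte-wise comparison that does not stop at the first mismatching byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The same steps BCrypt::Password#== performs: take the salt out of the stored
# hash, hash the candidate password with that salt, compare the two strings.
# Returns nil if the bcrypt gem is not available so the rest still runs.
def verify_with_gem(password, stored)
  require 'bcrypt'
  parts = parse_bcrypt(stored)
  return false if parts.nil?
  recomputed = BCrypt::Engine.hash_secret(password, parts[:salt])
  secure_equal?(recomputed, stored)
rescue LoadError
  nil
end

# Constructed sample: the hash quoted in the answer above.
SAMPLE = "$2a$10$4wXszTTd7ass8j5ZLpK/7.ywXXgDh7XPNmzfIWeZC1dMGpFghd92e"

if __FILE__ == $PROGRAM_NAME
  p parse_bcrypt(SAMPLE)
  p needs_rehash?(SAMPLE, 12)        # cost 10 is below a minimum of 12
  p verify_with_gem('wrong', SAMPLE) # false with the gem, nil without it
end
```

The salt sits in the clear inside the value has_secure_password writes to the password_digest column, and that is intended: a salt is not a secret, it only ensures two users with the same password get different digests and that precomputed tables are useless. What is worth checking in that column is the cost field, which is why needs_rehash? reads it back rather than assuming every row was hashed with today's setting.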