How can I compare a decrypted password and an encrypted password with the 'Bcrypt' gem

I'm trying to use simple authentication for some post's comments.

Users type a comment with an instant ID and password,

and I use the 'bcrypt' gem to store the password in the database.

Like this in comments_controller.rb:

@comment = Comment.new(comment_params)
bcrypted_pwd = BCrypt::Password.create(@comment.user_pwd)
@comment.user_pwd = bcrypted_pwd

and I use the data-confirm-modal gem to confirm with data when the user wants to delete their comments.

In this part, I have to decrypt the user's input password to compare it with the encrypted password in the database.

How can I decrypt the password, and is there any good way to do this?

PrepareFor Avatar asked Jun 27 '17 10:06



1 Answer

ency_pass = BCrypt::Password.create("testing")  # bcrypt hash, as stored in the database
new_pass = "testing"                            # plain text typed by the user

Let’s look at how we compare two bcrypt hashes, one coming from the database & one from user input (like a form or something like that).

BCrypt::Password.new(ency_pass) == new_pass
# true
BCrypt::Password.new(ency_pass) == "testing2"
# false

The part on the left (BCrypt::Password.new) is a BCrypt object, which takes the hash stored in the database as a parameter.

The part on the right (new_pass) is just the plain-text password that the user is trying to log in with.

Let's understand these things:

BCrypt uses something called a “salt”, which is a random value used to increase security against pre-computed hashes. The salt is stored in the hash itself. BCrypt defines its own == method, which knows how to extract that “salt” value so that it can take that into account when comparing the passwords.

BCrypt#== takes the “salt” value from the stored hash, then it hashes the plain-text password (the user input) using this salt so that both hashes will be identical if the password is valid.

If you were to look at the source code it would look something like this:

def ==(secret)
  super(BCrypt::Engine.hash_secret(secret, @salt))
end

Remember that super will call the same method (in this case ==) on the parent class. The parent class of BCrypt::Password is String.

Vishal Avatar answered Sep 27 '22 19:09
