From what I understand from salting to make an encrypted password more secure, I would generate a random number (the salt) and store it alongside the hashed password, in the user record (for example). I would concatenate the salt with the plaintext password and then encrypt it (hash). The resulting hash would be much more difficult to crack. This process would be repeated to verify the password.
Looking at has_secure_password and bcrypt_ruby (disclosure: I am not a security expert), I don't see how that is done, as the only thing stored in the user record is the hashed password. Where's the salt?
The password hash and salt are saved in a string column called password_digest in the database. See this question.
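As an added example (not code from the question, the answer, or the bcrypt-ruby gem), this shows where the salt sits inside a digest of the shape stored in `password_digest`, and how verification gets it back out. The digest string is constructed to match the format only (it was not produced by bcrypt), and `BCRYPT_RE`, `parse_bcrypt_digest` and `settings_from_digest` are names I chose for this illustration.

```ruby
# A bcrypt digest is one string with the form:
#   $<version>$<cost>$<22-char salt><31-char hash>
# so the salt never needs its own column: it travels with the hash.
BCRYPT_RE = /\A\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})\z/

# Split a bcrypt digest into its fields. Returns nil for anything that is
# not a well-formed bcrypt digest (e.g. a bare, unsalted hex hash).
def parse_bcrypt_digest(digest)
  m = BCRYPT_RE.match(digest)
  return nil unless m
  {
    version: m[1],       # bcrypt variant, e.g. "2a"
    cost:    m[2].to_i,  # work factor: 2**cost key-setup rounds
    salt:    m[3],       # 128-bit random salt in bcrypt's base64 alphabet
    hash:    m[4]        # 184-bit hash of salt + password
  }
end

# What verification does with the stored digest: reuse its version, cost and
# salt (the "settings" prefix) to hash the candidate password the same way,
# then compare the result with the stored hash. No separate salt lookup.
def settings_from_digest(digest)
  f = parse_bcrypt_digest(digest)
  return nil unless f
  format("$%s$%02d$%s", f[:version], f[:cost], f[:salt])
end

# CONSTRUCTED sample digest: right shape (cost 12, 22-char salt, 31-char
# hash), but not a real bcrypt output of any password.
CONSTRUCTED_DIGEST = "$2a$12$" + "abcdefghijklmnopqrstuv" + "0123456789abcdefghijklmnopqrstu"

if __FILE__ == $PROGRAM_NAME
  fields = parse_bcrypt_digest(CONSTRUCTED_DIGEST)
  puts "salt stored inside the digest: #{fields[:salt]}"
  puts "settings reused on verify:     #{settings_from_digest(CONSTRUCTED_DIGEST)}"
end
```

With the real gem, `BCrypt::Password.new(digest).salt` and `.cost` read the same fields out of the same string.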