Storing Secure Passwords
April 30th, 2007
With the help of BCrypt, storing secure passwords just got really easy. BCrypt was written by codahale and released late February. I whipped up the code below in a few seconds to show how easy it is to encrypt passwords and then test if the unencrypted version matches the encrypted.
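require 'rubygems'
require 'bcrypt'
# Hash the password; bcrypt generates a random salt and embeds it in the result
password = BCrypt::Password.create("secret")
puts password
# => $2a$10$j56z5U17oXRU7r/QFKd4oOLTYg3L/zd5EGr9yvAaMYMAzSqzv8aya
# == re-hashes the candidate using the stored salt and cost, then compares
puts password == "secret"
# => true
puts password == "NotTheSecret"
# => false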
I would highly recommend trying it out on your next user model. Be sure to look at the docs, as well, because coda included several examples of how to integrate bcrypt with an active record model.
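The string printed above carries everything needed to verify a password later: version, cost, salt and checksum. The following is an added example, not code from this post or from the bcrypt gem: it parses that format with the standard library only and flags stored hashes for re-hashing. The names parse_bcrypt, audit and MIN_COST are hypothetical, and the minimum cost of 12 is an assumed policy value.

```ruby
# Added example (not from the original post). Stdlib only; no bcrypt gem needed.
# Layout of a bcrypt hash string: $<version>$<cost>$<22-char salt><31-char checksum>
BCRYPT_RE = %r{\A\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}

ParsedHash = Struct.new(:version, :cost, :salt, :checksum) do
  # bcrypt runs 2**cost rounds of its key setup, so each +1 doubles the work
  def rounds
    2**cost
  end
end

# Returns a ParsedHash, or nil when the string is not a well-formed bcrypt hash.
def parse_bcrypt(stored)
  m = BCRYPT_RE.match(stored.to_s)
  return nil unless m

  cost = m[2].to_i
  return nil unless (4..31).cover?(cost) # valid bcrypt cost range

  ParsedHash.new(m[1], cost, m[3], m[4])
end

MIN_COST = 12 # assumed policy value, not taken from the post

# Classifies a stored credential so a login path can decide what to do with it.
def audit(stored, min_cost = MIN_COST)
  parsed = parse_bcrypt(stored)
  return :not_bcrypt if parsed.nil?

  parsed.cost < min_cost ? :rehash_on_next_login : :ok
end

# The hash printed in the post, plus two constructed sample values.
PAGE_HASH   = '$2a$10$j56z5U17oXRU7r/QFKd4oOLTYg3L/zd5EGr9yvAaMYMAzSqzv8aya'
LEGACY_HEX  = '0123456789abcdef0123456789abcdef'  # constructed: bare hex digest
BAD_COST    = '$2a$99$' + ('a' * 53)              # constructed: cost out of range

[PAGE_HASH, LEGACY_HEX, BAD_COST].each do |value|
  parsed = parse_bcrypt(value)
  detail = parsed ? "cost=#{parsed.cost} rounds=#{parsed.rounds} salt=#{parsed.salt}" : 'unparsed'
  puts "#{audit(value)}: #{detail}"
end
```

A value flagged :rehash_on_next_login can only be upgraded while the user is logging in, because that is the one moment the plaintext password is available to hash again at the higher cost.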
