Storing Secure Passwords
With the help of BCrypt, storing secure passwords just got really easy. BCrypt was written by codahale and released late February. I whipped up the code below in a few seconds to show how easy it is to encrypt passwords and then test if the unencrypted version matches the encrypted.
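    require 'rubygems'
    require 'bcrypt'

    # create generates a random salt and returns a BCrypt::Password
    password = BCrypt::Password.create("secret")
    puts password                   # => $2a$10$j56z5U17oXRU7r/QFKd4oOLTYg3L/zd5EGr9yvAaMYMAzSqzv8aya (differs on every run because the salt is random)

    # == hashes the candidate with the stored salt and cost, then compares
    puts password == "secret"       # => true
    puts password == "NotTheSecret" # => false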
I would highly recommend trying it out on your next user model. Be sure to look at the docs as well, because coda included several examples of how to integrate bcrypt with an ActiveRecord model.
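The string printed above carries its own version, cost and salt, which is why a user model needs only one column for it. The following is an added example, not code from the original post or from the bcrypt gem: it uses only the Ruby standard library to split such a string into its fields and to audit stored values for malformed entries or a cost below a chosen minimum. The names `parse_bcrypt` and `audit_hash` and the minimum cost of 12 are assumptions made for illustration.

```ruby
# Added example: standard library only, does not call the bcrypt gem.
# Layout of a bcrypt string: $<version>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = %r{\A\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}

BcryptParts = Struct.new(:version, :cost, :salt, :digest)

# Returns a BcryptParts, or nil when the value is not a well-formed bcrypt
# string (for example a plaintext password or a truncated column value).
def parse_bcrypt(stored)
  m = BCRYPT_RE.match(stored.to_s)
  return nil unless m
  cost = m[2].to_i
  return nil unless (4..31).cover?(cost) # bcrypt's valid cost range
  BcryptParts.new(m[1], cost, m[3], m[4])
end

# Classifies one stored value for an audit of the password column.
# min_cost is the work factor the application currently requires.
def audit_hash(stored, min_cost)
  parts = parse_bcrypt(stored)
  return :malformed if parts.nil?
  return :rehash_on_next_login if parts.cost < min_cost
  :ok
end

# The hash printed in the post, followed by constructed sample values.
PAGE_HASH = "$2a$10$j56z5U17oXRU7r/QFKd4oOLTYg3L/zd5EGr9yvAaMYMAzSqzv8aya"
SAMPLES = {
  "page hash"         => PAGE_HASH,
  "plaintext in db"   => "secret",       # constructed: never hashed
  "truncated column"  => PAGE_HASH[0, 40] # constructed: column too short
}

MIN_COST = 12 # assumed policy value, not from the post

SAMPLES.each do |label, value|
  parts = parse_bcrypt(value)
  detail = parts ? "version=#{parts.version} cost=#{parts.cost}" : "unparseable"
  puts "#{label}: #{audit_hash(value, MIN_COST)} (#{detail})"
end
```

A value flagged `:rehash_on_next_login` can only be upgraded when the user next supplies the plaintext password, since the existing hash cannot be converted to a higher cost.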