April 30, 2007

Posted by John

Tagged security

Older: Don't Reinvent The Wheel

Newer: Another Way To Search The Rails API

Storing Secure Passwords

With the help of BCrypt, storing secure passwords just got really easy. BCrypt was written by codahale and released late February. I whipped up the code below in a few seconds to show how easy it is to encrypt passwords and then test if the unencrypted version matches the encrypted.

require 'rubygems'
require 'bcrypt'

password = BCrypt::Password.create("secret")
puts password
# => $2a$10$j56z5U17oXRU7r/QFKd4oOLTYg3L/zd5EGr9yvAaMYMAzSqzv8aya

puts password == "secret"
# => true

puts password == "NotTheSecret"
# => false

I would highly recommend trying it out on your next user model. Be sure to look at the docs, as well, because coda included several examples of how to integrate bcrypt with an active record model.

0 Comments

Sorry, comments are closed for this article to ease the burden of pruning spam.

About

Authored by John Nunemaker (Noo-neh-maker), a web developer and programmer who has fallen deeply in love with Ruby. More about John.

Syndication

Feed IconRailsTips Articles - An assortment of howto's and thoughts on Ruby and Rails.

Feed IconRails Quick Tips - Ruby and Rails related links.