April 30, 2007

Posted by John

Tagged security


Storing Secure Passwords

With the help of BCrypt, storing secure passwords just got really easy. The bcrypt-ruby gem was written by codahale and released late February. I whipped up the code below in a few seconds to show how easy it is to hash a password and then check whether a candidate password matches the stored hash. Note that this is hashing, not encryption: bcrypt is a deliberately slow, salted password hash with a tunable cost, so the stored value cannot be decrypted back into the password, and guessing it offline is expensive.

require 'rubygems'
require 'bcrypt'

# Hash the password. The result embeds the algorithm version ($2a),
# the cost (10) and a fresh random salt, so it is safe to store as-is.
password = BCrypt::Password.create("secret")
puts password
# => $2a$10$j56z5U17oXRU7r/QFKd4oOLTYg3L/zd5EGr9yvAaMYMAzSqzv8aya

# == re-hashes the candidate with the salt from the stored hash and
# compares the results, so there is no cleartext to compare against.
puts password == "secret"
# => true

puts password == "NotTheSecret"
# => false

I would highly recommend trying it out on your next user model. Be sure to look at the docs as well, because coda included several examples of how to integrate bcrypt with an Active Record model.




Authored by John Nunemaker (Noo-neh-maker), a programmer who has fallen deeply in love with Ruby.

