Last Updated: September 09, 2019
·
1.598K
· chrismcleod

Use SCrypt with Devise user passwords

#ruby
#devise
#scrypt

scrypt is probably more secure than bcrypt. Devise will probably eventually include it as en encryptor, but until it does, you can require this class (for rails apps, in your devise initializer) and set the encryptor config to 'scrypt'

module Devise
  module Encryptable
    module Encryptors

      class Scrypt < Base
        def self.digest(password, stretches, salt, pepper)
          ::SCrypt::Engine.hash_secret("#{password}#{pepper}", salt)
        end

        def self.compare(encrypted_password, password, stretches, salt, pepper)
          Devise.secure_compare(encrypted_password, digest(password, stretches, salt, pepper))
        end

        def self.salt(stretches)
          ::SCrypt::Engine.generate_salt()
        end
      end
    end
  end
end
#ruby
#devise
#scrypt

Written by Chris McLeod

Say Thanks
Respond

Related protips

HTTP Posts in Ruby

164.3K
9

Centered Text And Images In Github Markdown

142.2K
1

Take a photo of yourself every time you commit

110.8K
29

Have a fresh tip? Share with Coderwall community!

Post
Post a tip
Best #Ruby Authors
projectcleverweb
290.4K
#ruby
#javascript
#css
danielwestendorf
164.2K
#ruby
#Javascript
#CoffeeScript
mcansky
140.2K
#ruby
#JavaScript
#Shell
knoopx
112.4K
#ruby
#JavaScript
#CoffeeScript
stevennunez
100.7K
#ruby
#JavaScript
#CoffeeScript
Related Tags
#ruby
#devise
#scrypt
Sponsored by
#native_company#
#native_desc#
#native_cta#
Filed Under
Ruby Development Tips
Awesome Job
See All Jobs
Post a job for only $299
Thanks to our sponsor
Sponsored by #native_company# — Learn More
#native_title# #native_desc#
#native_cta#