Use SCrypt with Devise user passwords
scrypt is probably more secure than bcrypt. Devise will probably include it as an encryptor eventually, but until it does, you can require this class (for Rails apps, in your Devise initializer) and set the encryptor config to 'scrypt'.
    require 'scrypt'

    module Devise
      module Encryptable
        module Encryptors
          class Scrypt < Base
            # stretches is unused: scrypt's cost parameters travel inside the salt string.
            def self.digest(password, stretches, salt, pepper)
              ::SCrypt::Engine.hash_secret("#{password}#{pepper}", salt)
            end

            # Constant-time comparison of the stored hash against a fresh digest.
            def self.compare(encrypted_password, password, stretches, salt, pepper)
              Devise.secure_compare(encrypted_password, digest(password, stretches, salt, pepper))
            end

            def self.salt(stretches)
              ::SCrypt::Engine.generate_salt
            end
          end
        end
      end
    end
Written by Chris McLeod
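What the encryptor above computes, as an added example that is not part of the original tip: the same salt/digest/compare flow built on Ruby's standard-library OpenSSL::KDF.scrypt instead of the scrypt gem and Devise. The ScryptSketch module, the cost parameters, the sample pepper and the salt layout are assumptions chosen for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Illustrative stand-in for the encryptor's three methods (hypothetical module).
module ScryptSketch
  # Assumed cost parameters: 128 * N * R bytes = 16 MiB of memory per hash.
  N = 2**14
  R = 8
  P = 1
  KEY_LEN = 32

  # The cost parameters are stored next to the random salt, so hashes written
  # under old settings remain verifiable after the defaults are raised.
  def self.salt
    [N, R, P].map { |v| v.to_s(16) }.push(SecureRandom.hex(16)).join('$')
  end

  # The pepper is appended to the password before hashing; unlike the salt it
  # lives in application config, not in the database row.
  def self.digest(password, salt, pepper)
    n, r, par, raw = salt.split('$')
    key = OpenSSL::KDF.scrypt("#{password}#{pepper}",
                              salt: [raw].pack('H*'),
                              N: n.to_i(16), r: r.to_i(16), p: par.to_i(16),
                              length: KEY_LEN)
    [salt, key.unpack1('H*')].join('$')
  end

  # Constant-time comparison: always walks every byte, so timing does not
  # reveal how many leading characters of the hash matched.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  def self.compare(encrypted_password, password, salt, pepper)
    secure_compare(encrypted_password, digest(password, salt, pepper))
  end
end

if __FILE__ == $PROGRAM_NAME
  salt = ScryptSketch.salt
  stored = ScryptSketch.digest('correct horse', salt, 'sample-pepper') # constructed inputs
  puts stored
  puts ScryptSketch.compare(stored, 'correct horse', salt, 'sample-pepper')
  puts ScryptSketch.compare(stored, 'wrong guess', salt, 'sample-pepper')
end
```

Because the parameters ride along in the salt, the stretches argument Devise passes to an encryptor has nothing left to control, which is why the class above ignores it.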