Last Updated: September 09, 2019
·
1.573K
· chrismcleod

Use SCrypt with Devise user passwords

#ruby
#devise
#scrypt

scrypt is probably more secure than bcrypt. Devise will probably eventually include it as en encryptor, but until it does, you can require this class (for rails apps, in your devise initializer) and set the encryptor config to 'scrypt'

module Devise
  module Encryptable
    module Encryptors

      class Scrypt < Base
        def self.digest(password, stretches, salt, pepper)
          ::SCrypt::Engine.hash_secret("#{password}#{pepper}", salt)
        end

        def self.compare(encrypted_password, password, stretches, salt, pepper)
          Devise.secure_compare(encrypted_password, digest(password, stretches, salt, pepper))
        end

        def self.salt(stretches)
          ::SCrypt::Engine.generate_salt()
        end
      end
    end
  end
end
#ruby
#devise
#scrypt

Written by Chris McLeod

Say Thanks
Respond

Related protips

HTTP Posts in Ruby

162.4K
9

Centered Text And Images In Github Markdown

141.5K
1

Take a photo of yourself every time you commit

109.9K
29

Have a fresh tip? Share with Coderwall community!

Post
Post a tip
Best #Ruby Authors
projectcleverweb
287.6K
#ruby
#javascript
#css
danielwestendorf
161.7K
#ruby
#Javascript
#CoffeeScript
mcansky
137.1K
#ruby
#JavaScript
#Shell
knoopx
111.3K
#ruby
#JavaScript
#CoffeeScript
stevennunez
99.74K
#ruby
#JavaScript
#CoffeeScript
Related Tags
#ruby
#devise
#scrypt
Sponsored by
#native_company#
#native_desc#
#native_cta#
Filed Under
Ruby Development Tips
Awesome Job
See All Jobs
Post a job for only $299
Thanks to our sponsor
Sponsored by #native_company# — Learn More
#native_title# #native_desc#
#native_cta#