Last Updated: November 09, 2021

· hannesg

Use BCrypt for passwords

#ruby

Using BCrypt for password hashing has several advantages over the builtin Digest classes. First of all it has a decent interface:

gem "bcrypt-ruby"
require "bcrypt"
hashed_password = BCrypt::Password.create "my password"

hashed_password is now an instance of BCrypt::Password. You can check the password now with ==:

hashed_password == "my password" # => true

The second nice point is the built-in security. Passwords are automatically salted. Furthermore, BCrypt has a parameter cost which exponentially scales the computation time.

hashed_password1 = BCrypt::Password.create( "my password", cost: 1 )
hashed_password10 = BCrypt::Password.create( "my password", cost: 10 )

Computing hashedpassword10 is 2^9 times as expessive as computing hashedpassword1. This way you can adjust the hashing algorithm to your available resources and always use the most-expensive-to-crack hashing you can afford.

Last but definitly not least storing and restoring BCrypt::Passwords is simple as hell:

storable_string = hashed_password.to_s
restored_hash = BCrypt::Password.new storable_string

NICE!

Written by Hannes Georg

Say Thanks

Respond

Have a fresh tip? Share with Coderwall community!

Best #Ruby Authors

287.6K

161.7K

mcansky

137.1K

#ruby

#JavaScript

#Shell

knoopx

111.3K

99.74K

Related Tags

Filed Under

Ruby Development Tips

Awesome Job

See All Jobs

Post a job for only $299

#native_title# #native_desc#

#native_cta#

Use BCrypt for passwords

Written by Hannes Georg

Related protips

HTTP Posts in Ruby

Centered Text And Images In Github Markdown

Take a photo of yourself every time you commit

Have a fresh tip? Share with Coderwall community!