Does has_secure_password use any form of salting?

后端未结

关注

 1  1094

I want to use has_secure_password to store encrypted passwords in the database. I can\'t find on the the internet if has_secure_password uses any form

相关标签:

1条回答

情书的邮戳

2021-02-03 17:38
has_secure_password uses bcrypt-ruby. bcrypt-ruby automatically handles the storage and generation of salts for you. A typical hash from bcrypt-ruby looks like this: $2a$10$4wXszTTd7ass8j5ZLpK/7.ywXXgDh7XPNmzfIWeZC1dMGpFghd92e. This hash is split internally using the following function:
```
def split_hash(h)
  _, v, c, mash = h.split('$')
  return v, c.to_i, h[0, 29].to_str, mash[-31, 31].to_str
end
```
For the example hash this function yields:
- version: 2a
- cost: 10
- salt: $2a$10$4wXszTTd7ass8j5ZLpK/7.
- hash: ywXXgDh7XPNmzfIWeZC1dMGpFghd92e
The ==-function of BCrypt::Password extracts the salt and applies it to the passed string:
```
BCrypt::Password.create('bla') == 'bla' # => true
```
0 讨论(0)
发布评论:

提交评论
- 加载中...