Does has_secure_password use any form of salting?

后端 未结 1 1972
野趣味
野趣味 2021-02-03 16:31

I want to use has_secure_password to store encrypted passwords in the database. I can\'t find on the the internet if has_secure_password uses any form

相关标签:
1条回答
  • has_secure_password uses bcrypt-ruby. bcrypt-ruby automatically handles the storage and generation of salts for you. A typical hash from bcrypt-ruby looks like this: $2a$10$4wXszTTd7ass8j5ZLpK/7.ywXXgDh7XPNmzfIWeZC1dMGpFghd92e. This hash is split internally using the following function:

    def split_hash(h)
      _, v, c, mash = h.split('$')
      return v, c.to_i, h[0, 29].to_str, mash[-31, 31].to_str
    end
    

    For the example hash this function yields:

    • version: 2a
    • cost: 10
    • salt: $2a$10$4wXszTTd7ass8j5ZLpK/7.
    • hash: ywXXgDh7XPNmzfIWeZC1dMGpFghd92e

    The ==-function of BCrypt::Password extracts the salt and applies it to the passed string:

    BCrypt::Password.create('bla') == 'bla' # => true
    
    0 讨论(0)
提交回复
热议问题