Does has_secure_password use any form of salting? Does has_secure_password use any form of salting? ruby-on-rails ruby-on-rails

Does has_secure_password use any form of salting?


ruby-on-rails ruby-on-rails-3 encryption passwords salt

has_secure_password uses bcrypt-ruby. bcrypt-ruby automatically handles the storage and generation of salts for you. A typical hash from bcrypt-ruby looks like this: $2a$10$4wXszTTd7ass8j5ZLpK/7.ywXXgDh7XPNmzfIWeZC1dMGpFghd92e. This hash is split internally using the following function:

def split_hash(h)  _, v, c, mash = h.split('$')  return v, c.to_i, h[0, 29].to_str, mash[-31, 31].to_strend

For the example hash this function yields:

  • version: 2a
  • cost: 10
  • salt: $2a$10$4wXszTTd7ass8j5ZLpK/7.
  • hash: ywXXgDh7XPNmzfIWeZC1dMGpFghd92e

The ==-function of BCrypt::Password extracts the salt and applies it to the passed string:

BCrypt::Password.create('bla') == 'bla' # => true

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last