String
A password management class which allows you to safely store users’ passwords and compare them.
Example usage:
    require 'bcrypt'
    include BCrypt

    # hash a user's password
    @password = Password.create("my grand secret")
    @password #=> "$2a$10$GtKs1Kbsig8ULHZzO1h2TetZfhO4Fmlxphp8bVKnUlZCBYYClPohG"

    # store it safely
    @user.update_attribute(:password, @password)

    # read it back
    @user.reload!
    @db_password = Password.new(@user.password)

    # compare it after retrieval
    @db_password == "my grand secret" #=> true
    @db_password == "a paltry guess"  #=> false
Hashes a secret, returning a BCrypt::Password instance. Takes an optional :cost option, a logarithmic value that determines how computationally expensive the hash is to calculate (a :cost of 4 is twice as much work as a :cost of 3). The higher the :cost, the harder it becomes for attackers to guess passwords (even if a copy of your database is stolen), but the slower it is to check users’ passwords.
Example:
    @password = BCrypt::Password.create("my secret", :cost => 13)

    # File lib/bcrypt.rb, line 159
    def create(secret, options = { :cost => BCrypt::Engine::DEFAULT_COST })
      raise ArgumentError if options[:cost] > 31
      Password.new(BCrypt::Engine.hash_secret(secret, BCrypt::Engine.generate_salt(options[:cost]), options[:cost]))
    end
Initializes a BCrypt::Password instance with the data from a stored hash.
    # File lib/bcrypt.rb, line 166
    def initialize(raw_hash)
      if valid_hash?(raw_hash)
        self.replace(raw_hash)
        @version, @cost, @salt, @checksum = split_hash(self)
      else
        raise Errors::InvalidHash.new("invalid hash")
      end
    end
Compares a potential secret against the hash. Returns true if the secret is the original secret, false otherwise.
    # File lib/bcrypt.rb, line 176
    def ==(secret)
      super(BCrypt::Engine.hash_secret(secret, @salt))
    end
Splits h into version, cost, salt, and hash and returns them in that order.
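    # File lib/bcrypt.rb, line 191
    def split_hash(h)
      # h has the form "$<version>$<cost>$<22-char salt><31-char checksum>"
      _, v, c, mash = h.split('$')
      # the salt is the first 29 characters of h (version and cost prefix included);
      # the checksum is the last 31 characters of mash
      return v, c.to_i, h[0, 29].to_str, mash[-31, 31].to_str
    end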
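The hash layout that split_hash relies on and the doubling behaviour of :cost can be used to audit stored hashes for a work factor that is too low. The following is an added example, not code from bcrypt-ruby; it uses only the Ruby standard library, and the names parse_bcrypt, work_ratio and audit, the minimum cost of 12 and the sample rows are assumptions made for illustration.

```ruby
# Added example, not bcrypt-ruby source. Uses only the Ruby standard library.
# \A and \z anchor the whole string, so a trailing newline is rejected.
BCRYPT_FORMAT = /\A\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})\z/

ParsedHash = Struct.new(:version, :cost, :salt, :checksum)

# Returns the same four fields as split_hash, or nil for a malformed string.
def parse_bcrypt(raw)
  s = raw.to_s
  m = BCRYPT_FORMAT.match(s)
  return nil unless m
  cost = m[2].to_i
  return nil unless (4..31).cover?(cost) # bcrypt accepts costs 4 through 31
  ParsedHash.new(m[1], cost, s[0, 29], m[4])
end

# :cost is logarithmic: each step up doubles the work of one hash.
def work_ratio(current_cost, target_cost)
  2.0**(target_cost - current_cost)
end

# Classify each stored value against a minimum-cost policy (min_cost is an
# assumed policy value): :ok, :rehash (upgrade at next login) or :invalid.
def audit(stored, min_cost)
  stored.map do |user, raw|
    parsed = parse_bcrypt(raw)
    status = if parsed.nil?
               :invalid
             elsif parsed.cost < min_cost
               :rehash
             else
               :ok
             end
    [user, status]
  end.to_h
end

# The hash string shown in the usage example on this page (cost 10).
SAMPLE = "$2a$10$GtKs1Kbsig8ULHZzO1h2TetZfhO4Fmlxphp8bVKnUlZCBYYClPohG"

# Constructed rows: bob is SAMPLE with the cost field edited to 13 (format
# check only, not a real hash); carol is a truncated value.
STORED = {
  "alice" => SAMPLE,
  "bob"   => SAMPLE.sub("$10$", "$13$"),
  "carol" => SAMPLE[0, 40]
}

audit(STORED, 12).each { |user, status| puts "#{user}: #{status}" }
```

A :rehash result can only be acted on when the user next supplies the plaintext secret, since the stored hash cannot be converted to a higher cost on its own.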