bookio / server-old


Wrong use of BCrypt? #2

Open mounte opened 10 years ago

mounte commented 10 years ago

Currently the BCrypt::Engine is used to manually generate salt and hash for user password storage. From my experience and according to http://bcrypt-ruby.rubyforge.org/ one should use BCrypt::Password instead: Password.create(new_password) for creating a password, with handling of the salt by the BCrypt library. Comparisons of a BCrypt::Password and a string automatically take care of hashing the string and the correct salt.

I don't want to make any changes to this at the moment; I want to discuss first if there are any design goals or similar that lead to the use of BCrypt::Engine.

meg768 commented 10 years ago

This is because I used some code from http://railscasts.com. I tried it, it worked, then I moved on. If you would like to use bcrypt instead, go right ahead!

mounte commented 10 years ago

Ok, perfect ... I will make a pull request with new code. Hopefully it won't break anything (I have tested it locally but it is difficult to take into consideration every possible case since we don't have tests set up yet).

(Sent by email on 2014/1/8 in reply to Magnus Egelberg's comment above.)

mounte commented 10 years ago

Ok, I did some thinking and I will wait with the PR. The commit is available at https://github.com/bookio/server/commit/3647998a333120728816ebdf3914893a42a316f1