forked from binarylogic/authlogic
Added :acts_like_restful_authentication to help with the transition, …
…and a new crypto provider BCrypt
1 parent 2b85651, commit 387c12c
Showing 5 changed files with 78 additions and 7 deletions.
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,49 @@ | |||
begin | |||
require "bcrypt" | |||
rescue LoadError | |||
end | |||
|
|||
module Authlogic | |||
module CryptoProviders | |||
# = Bcrypt | |||
# | |||
# For most apps Sha512 is plenty secure, but if you are building an app that stores the nuclear launch codes you might want to consier BCrypt. This is an extremely | |||
# secure hashing algorithm, mainly because it is slow. A brute force attack on a BCrypt encrypted password would take much longer than a brute force attack on a | |||
# password encrypted with a Sha algorithm. Keep in mind you are sacrificing performance by using this, generating a password takes exponentially longer than any | |||
# of the Sha algorithms. I did some benchmarking to save you some time with your decision: | |||
# | |||
# require "bcrypt" | |||
# require "digest" | |||
# require "benchmark" | |||
# | |||
# Benchmark.bm do |x| | |||
# x.report("BCrypt:") { BCrypt::Password.create("mypass") } | |||
# x.report("Sha512:") { Digest::SHA512.hexdigest("mypass") } | |||
# end | |||
# | |||
# user system total real | |||
# BCrypt: 0.110000 0.000000 0.110000 ( 0.113493) | |||
# Sha512: 0.010000 0.000000 0.010000 ( 0.000554) | |||
# | |||
# Decided BCrypt is for you? Just insall the bcrypt gem: | |||
# | |||
# gem install bcrypt-ruby | |||
class Bcrypt | |||
class << self | |||
def cost | |||
@cost ||= 10 | |||
end | |||
attr_writer :cost | |||
|
|||
def encrypt(pass) | |||
BCrypt::Password.create(pass, :cost => cost) | |||
end | |||
|
|||
# This does not actually decrypt the password, BCrypt is *not* reversible. The way the bcrypt library is set up requires us to do it this way. | |||
def decrypt(crypted_pass) | |||
BCrypt::Password.create(crypted_pass) | |||
end | |||
end | |||
end | |||
end | |||
end |
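
Review bot: `decrypt` calls `BCrypt::Password.create(crypted_pass)`, which hashes the stored hash string again with a fresh salt, so the object it returns can never match the password the user typed. To compare a candidate against a stored hash, load it with `BCrypt::Password.new(crypted_pass)` and compare with `==`. The second `create` call also ignores the configured `cost`. Separately, the empty `rescue LoadError` at the top of the file hides a missing gem until the first `encrypt` call fails on an undefined `BCrypt` constant; raising a clear error when the provider is first used would be easier to diagnose. The doc comment has two typos ("consier", "insall") and describes hashed passwords as "encrypted", which sits oddly next to the note that BCrypt is not reversible.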