BCrypt Password basics in Ruby
This video explains how to use the Bcrypt password class in Ruby to securely hash and store passwords. We'll look at how a user's encrypted password is stored in the database as a hashed string that can't be reversed. To check if a password matches, you initialize a Bcrypt::Password object with the hashed password, then compare it to a plain text password using the == operator, which Bcrypt overrides to check if the hashes match.
Bcrypt handles salting and key stretching internally to make brute force attacks harder. When creating a hash, Bcrypt takes time to run its key derivation function, which can be configured by increasing the cost parameter. We'll look at how to check properties of a bcrypt password like cost, version, and valid hash.
Overall, bcrypt provides a simple interface in Ruby for securely hashing passwords. By storing the bcrypt password hashes rather than plain text passwords, the passwords are securely encrypted at rest in the database. Bcrypt is an industry-standard for password hashing.
#rubyonrails #ruby #rails