1

I am developing a Ruby app. I have a back-end User table that stores encrypted passwords using gem-bcrypt. How can I actually convert my password back to the original to display it in my view? This is the code to digest my password:

```ruby
def self.digest(string)
  cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST : BCrypt::Engine.cost
  BCrypt::Password.create(string, cost: cost)
end
```
Bach Dao
  • 125
  • 1
  • 10
  • 3
    You cannot. That is the whole point of using [Bcrypt](https://en.wikipedia.org/wiki/Bcrypt). It does not support encrypting and decrypting strings. Bcrypt is a hashing function and from its hash, you cannot calculate the original string anymore. – spickermann May 01 '20 at 10:22
  • 1
    This is a typical XY problem – you asked about your attempt to solve a problem without specifying what that problem is (writing a “remember me” function). You might want to edit your question accordingly. You’ll get more useful answers if people understand what you are actually trying to achieve. – Stefan May 01 '20 at 11:07

1 Answer

4

From their readme:

Background

Hash algorithms take a chunk of data (e.g., your user's password) and create a "digital fingerprint," or hash, of it. Because this process is not reversible, there's no way to go from the hash back to the password.

In other words:

```
hash(p) #=> <unique gibberish>
```

You can store the hash and check it against a hash made of a potentially valid password:

```
<unique gibberish> =? hash(just_entered_password)
```

I also don't understand why you want to do this. If you could reverse it back to the password, what would prevent a hacker who steals your dataset from doing the same? The whole point of hashing passwords is that they can't be reversed. You can only check if the provided password is the correct one.

3limin4t0r
  • 19,353
  • 2
  • 31
  • 52
  • I want to make a remember-me function for logging in so that the user doesn't need to retype the username and password anymore. My idea is to get that user's password and username from the database into the value of the input attribute in HTML if the user clicked remember me. What else can I do for that? – Bach Dao May 01 '20 at 10:36
  • 1
    This is done through a cookie in the client. It stores the session or an authentication token with an expiry date. If you're using "devise" you can simply use their [`Rememberable`](https://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Rememberable) module. If you want to know the behind the scenes I suggest checking out [this question](https://stackoverflow.com/questions/1354999/keep-me-logged-in-the-best-approach). – 3limin4t0r May 01 '20 at 10:59
  • 1
    For a better understanding on how to do this yourself in Ruby on Rails you can have a look at [this RailsCast episode](http://railscasts.com/episodes/274-remember-me-reset-password). It's kinda old, and I'm not sure if that is still the way to go. However it shows how such a feature could be achieved. Another good question to look at for a general overview is [What is the best way to implement “remember me” for a website?](https://stackoverflow.com/questions/244882/what-is-the-best-way-to-implement-remember-me-for-a-website) – 3limin4t0r May 01 '20 at 11:04
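
A sketch of the cookie-token approach described in the comments above, added here as an example; it is not code from the thread, from Devise or from the RailsCast. The `RememberMe` class, its in-memory store and the 14-day lifetime are assumptions, and SHA-256 is used for the token digest because the token is long and random, unlike a user-chosen password.

```ruby
require "securerandom"
require "digest"
require "openssl"

# Hypothetical in-memory stand-in for a remember_tokens table.
# The password and its bcrypt hash never leave the server.
class RememberMe
  Record = Struct.new(:user_id, :token_digest, :expires_at)

  def initialize(ttl: 14 * 24 * 3600) # assumed 14-day lifetime
    @ttl = ttl
    @records = {} # selector => Record
  end

  # Call after a successful password login with "remember me" ticked.
  # Returns the cookie value; only the token's digest is stored.
  def issue(user_id, now: Time.now)
    selector = SecureRandom.urlsafe_base64(9)  # lookup key, not secret
    token = SecureRandom.urlsafe_base64(32)    # 256-bit random secret
    digest = Digest::SHA256.hexdigest(token)
    @records[selector] = Record.new(user_id, digest, now + @ttl)
    "#{selector}.#{token}"
  end

  # Returns the user id for a valid, unexpired cookie, otherwise nil.
  def authenticate(cookie, now: Time.now)
    selector, token = cookie.to_s.split(".", 2)
    record = @records[selector]
    return nil if record.nil? || token.nil?
    if now >= record.expires_at
      @records.delete(selector) # expired tokens are removed on sight
      return nil
    end
    candidate = Digest::SHA256.hexdigest(token)
    # Constant-time comparison; both values are 64 hex characters.
    return nil unless OpenSSL.fixed_length_secure_compare(candidate, record.token_digest)
    record.user_id
  end

  # Logout: drop the server-side record so the cookie stops working.
  def forget(cookie)
    @records.delete(cookie.to_s.split(".", 2).first)
  end
end
```

`issue` runs once after the normal bcrypt password check succeeds, and its return value goes into a cookie with the same expiry; `authenticate` runs on later requests that arrive without a session.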