Questions tagged [bcrypt-ruby]

The bcrypt Ruby gem provides a simple wrapper for safely handling passwords.

bcrypt is a sophisticated and secure hash algorithm designed by the OpenBSD project for hashing passwords.

If you store user passwords in the clear, then an attacker who steals a copy of your database has a giant list of emails and passwords. Some of your users will only have one password -- for their email account, for their banking account, for your application. A simple hack could escalate into massive identity theft.

It's your responsibility as a web developer to make your web application secure -- blaming your users for not being security experts is not a professional response to risk.

Source: https://rubygems.org/gems/bcrypt-ruby

109 questions
17
votes
9 answers

can't activate bcrypt-ruby (~> 3.0.0), already activated bcrypt-ruby-3.1.1. Make sure all dependencies are added to Gemfile

I have Rails 4.0.0 app. When I run bundle install command there is no problem. This is my GemFile. source 'https://rubygems.org' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' gem 'rails', '4.0.0' gem 'mysql2' # Use SCSS for…
eayurt
13
votes
2 answers

undefined method `helper_method' for ApplicationController, Rails 5

I'm trying to integrate oAuth2.0 in my rails-api only application, using doorkeeper. But I keep getting this error, "undefined method `helper_method' for ApplicationController" and yet could not find a clear solution on how to solve it. Below is…
13
votes
5 answers

(Rails) : NoMethodError: undefined method cost' for BCrypt::Engine:Class

When I learn "Ruby on Rails Tutorial", and I want to create a User on console: irb(main):001:0> User.create(name:"gsky",email:"k@q.com", irb(main):002:1* password:"aaaaaa",password_confirmation:"aaaaaa") then, I get the following error…
gsky
9
votes
4 answers

Rails 4 - Allow password change only if current password is correct

In my app, users can edit their profile information. On the edit profile form, the user can make changes to all fields (name, title, and more). On this same form are three fields: current_password, password, and password_confirmation. I am using…
Alexander
9
votes
10 answers

Why won't the bcrypt ruby gem install properly?

I am trying to incorporate bcrypt-ruby, v. 3.0.1. I enter the gem in my gem file as follows: gem 'bcrypt-ruby', '3.0.1' And I then go to the terminal and run: bundle install I get the following response: Gem::Installer::ExtensionBuildError:…
Philip7899
6
votes
2 answers

Why does BCrypt no longer accept hashes?

Last week I upgraded Fedora to the brand new 28 release, which came with a mongodb upgrade to 3.6. See How to repair mongodb service after an upgrade to Fedora 28? for how I managed to resolve my first problem which was that mongod would no longer…
psychoslave
6
votes
2 answers

How can i compare decrypted password and encrypted password by 'Bcrypt' Gem

I'm trying to use simple authentication for some post's comments. Users type a comment with an instant id and password and I use the 'bcrypt' gem to store the password in the database. Like this in comments_controller.rb @comment =…
PrepareFor
6
votes
2 answers

How to encrypt password with has_secure_password in Rails 4.2

I've an API and I installed the next gem: gem 'bcrypt'. And in my user model I specified that: has_secure_password. My database has a field with name password_digest. And when I run the seeders, yes, the password is encrypted, but when I try to create…
Rul
6
votes
3 answers

Ruby-BCrypt: Specify salt

Is it possible to specify which salt is used when encrypting strings with ruby-bcrypt? I know it's not very safe, but I only use it for not-high security data: I have a platform, and when a user deletes his account, I still want to know if this…
BvuRVKyUVlViVIc7
5
votes
1 answer

Are Rails passwords generated with bcrypt portable?

I have an existing web application with a few thousand users which I'm porting over to Rails. As I rewrite and refactor this app I may need to run it on any number of different servers for development, testing, and production purposes. I'm using…
wgp
4
votes
1 answer

Why does Ruby's bcrypt lib include the salt in plaintext in the hash?

I am using Coda Hale's Ruby bcrypt library. I noticed recently that it wasn't working like I thought it worked. I had thought that the proper procedure is: Generate a salt Obtain a password Concatenate the salt and the password strings Hash them…
Steve Midgley
4
votes
1 answer

Why is BCrypt failing to authenticate in this context?

when I create users (in sinatra), I do this require 'Bcrypt' post '/users' do @user = User.new(params[:user]) @user.password_hash = BCrypt::Password.create(params[:password]) p @user.password_hash == params[:password] #…
dwilbank
3
votes
1 answer

Ruby and Sinatra, unable to compare hashed password with BCrypt

I'm developing a simple Ruby authentication app with Sinatra and DataMapper. I have successfully implemented a hashing password method for when the users get registered, but I'm unable to get the authentication route to work, it simply doesn't…
3
votes
2 answers

Password length validation never passes with has_secure_password

I'm trying to add a length validation to password, but it always errors out with 'Password is too short'. a = Artist.new(artist_name: 'Dylan', email: 'dylan@example.com', password: 'notshort') p a.errors.full_messages # ["Password is too short…
FeifanZ
3
votes
1 answer

Using bcrypt-ruby to validate hashed passwords using version $2y

We're in a bit of a bind where we need to use Ruby to auth users against an existing db of users. The user's passwords were all generated using password_compat PHP library. All the hashed passwords start with $2y. I've been using bcrypt-ruby to try…
gmoore