May 4, 2020 • ☕️ 2 min read
I used bcrypt on Rails(API) project and it wasn’t easy to figure out how it works. So I’ll take a note of it.
Saving a password which users type in a form directly to the DataBase is really dangerous. So “bcrypt” uses something called hashing function
to encrypt the password which users type in.
hashing function is a function that can get a data which has fixed length of string, regardless of the original length of the string.
If a string gets encrypted through hashing function…
hash value
) from hashing functionhash value
is the same as the original string This bcrypt uses more techniques such as salt
and key stretching
and more. If you want to know more, I guess this article will help you.
To use bcrypt on your rails application, it is really simple and easy. ( If you are using devise
for login-related features, bycrypt is already installed as default)
devise
, you need to install bycrypt with Gemfile
gem 'bcrypt'
bundle install
User model
as you usually do. Please note that the password
column should be password_digest. You’ll see how important it is later on.rails g model User name:string email:string password_digest:string
rails db:migrate
.rails db:migrate
user.rb
like this. This method can be executable once you install bcrypt. This ’hassecurepassword’ will encrypt the password and put it into password_digest
column.class User < ApplicationRecord
has_secure_password
end
Now your application is ready to use bcrypt!
A string which gets put into password
column is going to be encrypted by hashing function, and the encrypted string will be saved on Database. A random string encrypted by hashing function is called hash value.
When a user want to login or edit his password, the application will check if the hash value for what he typed corresponds the one on Database. If corresponded, the user can finally login and edit the user information.
Thanks for reading, guys.
Tomoya