How to add basic encryption to a password?

I am creating a basic registration form using Ruby on Rails (I'm relatively new to Rails) and I want to know how I can encrypt a new user password (for obvious security reasons)?

Here is my registration page:

<script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"></script>
<script type="text/javascript">
  $.noConflict();
  jQuery(document).ready(function($) {
    $('a.close').click(function(){
      $(this).parent().fadeOut();
    });
  });
</script>
<% if !flash.now[:notice].blank? %>
<div class="alert-message error">
  <a class="close" href="#">×</a>
  <p><strong><%= flash.now[:notice][0] %></strong></p>
</div>
<% end %>
<div class="alert-message info">
  <p><strong>Join us. It as simple as 1 2 3.</strong></p>
</div>
<% form_for :user do |f| %>
  <p> Email: <br />  <%= f.text_field :email %></p>
  <p> Name: <br />  <%= f.text_field :name %></p>
  <p> Username:<br /><%= f.text_field :username %></p>
  <p> Password: <br />  <%= f.password_field :password %></p>
  <p> Blog <i>(optional)</i>: <br />  <%= f.text_field :blog %></p>
  <p><%= submit_tag "Create User", :disable_with => "Please wait...", :class => "btn primary" %></p>
<% end %>

And user controller:

class UsersController < ApplicationController   
  def register
    @user = User.new(params[:user])
    if(request.post? and @user.save)
      flash[:notice] = "Account Created Successfully"
      redirect_to root_path      
    else
      flash.now[:notice] = @user.errors.full_messages
    end
  end
  def destroy
    @user = User.find(params[:id])
    @user.destroy
    redirect_to root_path
  end  
end

Any help would be greatly appreciated. Thanks in advance.

+5
3 answers

Here you go:

self.salt = ActiveSupport::SecureRandom.base64(8)
self.hashed_password = Digest::SHA2.hexdigest(self.salt + submitted_password)

And for authentication:

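def password_correct?(user, password_to_confirm)
  # Recompute the salted hash from the candidate password and compare it with the stored one
  user.hashed_password == Digest::SHA2.hexdigest(user.salt + password_to_confirm)
end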

But, as allesklar wrote, Rails 3.1 would be a good choice. Check out the Railscasts on this.

+11

In fact, you are not encrypting the user password, you are hashing it.

SHA2, SHA-256 SHA-512. . Ruby, - .

salt <- generateRandomSalt();

method hashPassword(password)
  hash <- password
  reps <- 5000  // Tune this number to your system
  for (reps times)
    hash <- hash + salt  // Concatenate
    hash <- SHA256(hash)
  end for
  return hash
end hashPassword


, , , , . 64 128 ( 8 16 ) . (5000 ) - . , 0,1 . , .

+2
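The salt-plus-iterations scheme from the pseudocode above, as an added Ruby example that is not code from any of the answers. It uses PBKDF2-HMAC-SHA256 from Ruby's bundled OpenSSL in place of the hand-written SHA-256 loop; the function names, the `scheme$iterations$salt$hash` record format and the iteration count are assumptions made for this example.

```ruby
require "openssl"
require "securerandom"

# Assumed names and parameters for this example (not from the page).
PBKDF2_ITERATIONS = 600_000 # work factor; tune this number to your system
SALT_BYTES = 16             # per-user random salt
HASH_BYTES = 32             # SHA-256 output size

def derive(password, salt, iterations)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, HASH_BYTES,
                             OpenSSL::Digest.new("SHA256"))
end

# Returns the string to store for the user: scheme$iterations$salt$hash.
# Salt and iteration count travel with the hash, so the work factor can be
# raised later without invalidating existing records.
def hash_password(password, iterations = PBKDF2_ITERATIONS)
  salt = SecureRandom.random_bytes(SALT_BYTES)
  digest = derive(password, salt, iterations)
  ["pbkdf2-sha256", iterations, salt.unpack1("H*"), digest.unpack1("H*")].join("$")
end

# Compare without returning early at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# True only when the candidate password reproduces the stored hash.
# Malformed or unknown-scheme records are rejected instead of raising.
def verify_password(candidate, stored)
  scheme, iterations, salt_hex, hash_hex = stored.to_s.split("$")
  return false unless scheme == "pbkdf2-sha256" && iterations.to_s.match?(/\A[1-9]\d*\z/)
  return false unless [salt_hex, hash_hex].all? { |h| h.to_s.match?(/\A(\h\h)+\z/) }
  expected = [hash_hex].pack("H*")
  actual = derive(candidate.to_s, [salt_hex].pack("H*"), iterations.to_i)
  secure_equal?(actual, expected)
end

if __FILE__ == $PROGRAM_NAME
  record = hash_password("correct horse battery staple") # constructed sample
  puts record
  puts verify_password("correct horse battery staple", record)
  puts verify_password("wrong guess", record)
end
```

Only the returned record string needs to be stored; the plaintext password is never written anywhere.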

, , Rails 3.1 "has_secure_password" . .

Rails.

: URL- . .

+2
