Class BCrypt::Password
In: lib/bcrypt.rb
Parent: String

A password management class which allows you to safely store users’ passwords and compare them.

Example usage:

  include BCrypt

  # hash a user's password
  @password = Password.create("my grand secret")
  @password #=> "$2a$10$GtKs1Kbsig8ULHZzO1h2TetZfhO4Fmlxphp8bVKnUlZCBYYClPohG"

  # store it safely
  @user.update_attribute(:password, @password)

  # read it back
  @user.reload!
  @db_password = Password.new(@user.password)

  # compare it after retrieval
  @db_password == "my grand secret" #=> true
  @db_password == "a paltry guess"  #=> false

Methods

==   create   is_password?   new  

Attributes

cost  [R]  The cost factor used to create the hash.
hash  [R]  The hash portion of the stored password hash.
salt  [R]  The salt of the store password hash (including version and cost).
version  [R]  The version of the bcrypt() algorithm used to create the hash.

Public Class methods

Hashes a secret, returning a BCrypt::Password instance. Takes an optional :cost option, which is a logarithmic variable which determines how computational expensive the hash is to calculate (a :cost of 4 is twice as much work as a :cost of 3). The higher the :cost the harder it becomes for attackers to try to guess passwords (even if a copy of your database is stolen), but the slower it is to check users’ passwords.

Example:

  @password = BCrypt::Password.create("my secret", :cost => 13)

[Source]

     # File lib/bcrypt.rb, line 155
155:       def create(secret, options = { :cost => BCrypt::Engine::DEFAULT_COST })
156:         Password.new(BCrypt::Engine.hash_secret(secret, BCrypt::Engine.generate_salt(options[:cost]), options[:cost]))
157:       end

Initializes a BCrypt::Password instance with the data from a stored hash.

[Source]

     # File lib/bcrypt.rb, line 161
161:     def initialize(raw_hash)
162:       if valid_hash?(raw_hash)
163:         self.replace(raw_hash)
164:         @version, @cost, @salt, @hash = split_hash(self)
165:       else
166:         raise Errors::InvalidHash.new("invalid hash")
167:       end
168:     end

Public Instance methods

Compares a potential secret against the hash. Returns true if the secret is the original secret, false otherwise.

[Source]

     # File lib/bcrypt.rb, line 171
171:     def ==(secret)
172:       super(BCrypt::Engine.hash_secret(secret, @salt))
173:     end
is_password?(secret)

Alias for #==

[Validate]