Add Using BCrypt To Create And Check Hashed Passwords as a ruby til

2026-01-06 08:38:01 +00:00 · 2018-11-18 16:47:15 -06:00
parent 7a7724f0c1
commit db1c089700
2 changed files with 28 additions and 1 deletions
--- a/ruby/using-bcrypt-to-create-and-check-hashed-passwords.md
+++ b/ruby/using-bcrypt-to-create-and-check-hashed-passwords.md
@@ -0,0 +1,26 @@
+# Using BCrypt To Create And Check Hashed Passwords
+
+The [BCrypt](https://github.com/codahale/bcrypt-ruby) library is used under
+the hood by gems like Devise in order to work with passwords securely. You
+can use it to salt and hash a plain text password. You can also use it to
+check whether an encrypted password matches some input password.
+
+```ruby
+> include BCrypt
+=> Object
+
+> encrypted_pass = Password.create('password')
+=> "$2a$10$te3Y8wdSXf8/gWDeSP5z9eut7alThnuTvq1SvgQyJ1C57F.qit1uq"
+
+> Password.new(encrypted_pass) == "not_my_pass"
+=> false
+
+> Password.new(encrypted_pass) == "password"
+=> true
+```
+
+The `Password.create` method will salt and hash the given password. The
+resulting encrypted password, if it is an instance of `Password`, can be
+directly compared to a string. For good measure, in case the encrypted
+password is a string, you can wrap it in a call to `Password.new` to ensure
+you are working with a `Password` instance.