Add Using BCrypt To Create And Check Hashed Passwords as a ruby til

README.md

@@ -10,7 +10,7 @@ smart people at [Hashrocket](http://hashrocket.com/).
 For a steady stream of TILs from a variety of rocketeers, checkout
 [til.hashrocket.com](https://til.hashrocket.com/).
 
-_721 TILs and counting..._
+_722 TILs and counting..._
 
 ---
 
@@ -602,6 +602,7 @@ _721 TILs and counting..._
 - [Up And Down With Integers](ruby/up-and-down-with-integers.md)
 - [Use A Case Statement As A Cond Statement](ruby/use-a-case-statement-as-a-cond-statement.md)
 - [Use dotenv In A Non-Rails Project](ruby/use-dotenv-in-a-non-rails-project.md)
+- [Using BCrypt To Create And Check Hashed Passwords](ruby/using-bcrypt-to-create-and-check-hashed-passwords.md)
 - [Who Are My Ancestors?](ruby/who-are-my-ancestors.md)
 - [Zero Padding](ruby/zero-padding.md)
 

ruby/using-bcrypt-to-create-and-check-hashed-passwords.md

@@ -0,0 +1,26 @@
+# Using BCrypt To Create And Check Hashed Passwords
+
+The [BCrypt](https://github.com/codahale/bcrypt-ruby) library is used under
+the hood by gems like Devise in order to work with passwords securely. You
+can use it to salt and hash a plain text password. You can also use it to
+check whether an encrypted password matches some input password.
+
+```ruby
+> include BCrypt
+=> Object
+
+> encrypted_pass = Password.create('password')
+=> "$2a$10$te3Y8wdSXf8/gWDeSP5z9eut7alThnuTvq1SvgQyJ1C57F.qit1uq"
+
+> Password.new(encrypted_pass) == "not_my_pass"
+=> false
+
+> Password.new(encrypted_pass) == "password"
+=> true
+```
+
+The `Password.create` method will salt and hash the given password. The
+resulting encrypted password, if it is an instance of `Password`, can be
+directly compared to a string. For good measure, in case the encrypted
+password is a string, you can wrap it in a call to `Password.new` to ensure
+you are working with a `Password` instance.