Class: BCrypt::Password
- Inherits: String (Object → String → BCrypt::Password)
- Defined in: lib/bcrypt.rb
Overview
A password management class which allows you to safely store users’ passwords and compare them.
Example usage:
include BCrypt
# hash a user's password
@password = Password.create("my grand secret")
@password #=> "$2a$10$GtKs1Kbsig8ULHZzO1h2TetZfhO4Fmlxphp8bVKnUlZCBYYClPohG"
# store it safely
@user.update_attribute(:password, @password)
# read it back
@user.reload!
@db_password = Password.new(@user.password)
# compare it after retrieval
@db_password == "my grand secret" #=> true
@db_password == "a paltry guess" #=> false
Instance Attribute Summary
- #checksum ⇒ Object (readonly): The hash portion of the stored password hash.
- #cost ⇒ Object (readonly): The cost factor used to create the hash.
- #salt ⇒ Object (readonly): The salt of the stored password hash (including version and cost).
- #version ⇒ Object (readonly): The version of the bcrypt() algorithm used to create the hash.
Class Method Summary
- .create(secret, options = { :cost => BCrypt::Engine::DEFAULT_COST }) ⇒ Object: Hashes a secret, returning a BCrypt::Password instance.
Instance Method Summary
- #==(secret) ⇒ Object (also: #is_password?): Compares a potential secret against the hash.
- #initialize(raw_hash) ⇒ Password (constructor): Initializes a BCrypt::Password instance with the data from a stored hash.
Constructor Details
#initialize(raw_hash) ⇒ Password
Initializes a BCrypt::Password instance with the data from a stored hash.
# File 'lib/bcrypt.rb', line 162
def initialize(raw_hash)
  if valid_hash?(raw_hash)
    self.replace(raw_hash)
    @version, @cost, @salt, @checksum = split_hash(self)
  else
    raise Errors::InvalidHash.new("invalid hash")
  end
end
Instance Attribute Details
#checksum ⇒ Object (readonly)
The hash portion of the stored password hash.
# File 'lib/bcrypt.rb', line 137
def checksum
  @checksum
end
#cost ⇒ Object (readonly)
The cost factor used to create the hash.
# File 'lib/bcrypt.rb', line 143
def cost
  @cost
end
#salt ⇒ Object (readonly)
The salt of the stored password hash (including version and cost).
# File 'lib/bcrypt.rb', line 139
def salt
  @salt
end
#version ⇒ Object (readonly)
The version of the bcrypt() algorithm used to create the hash.
# File 'lib/bcrypt.rb', line 141
def version
  @version
end
Class Method Details
.create(secret, options = { :cost => BCrypt::Engine::DEFAULT_COST }) ⇒ Object
Hashes a secret, returning a BCrypt::Password instance. Takes an optional :cost option, a logarithmic value that determines how computationally expensive the hash is to calculate (a :cost of 4 is twice as much work as a :cost of 3). The higher the :cost, the harder it becomes for attackers to guess passwords (even if a copy of your database is stolen), but the slower it is to check users’ passwords.
Example:
@password = BCrypt::Password.create("my secret", :cost => 13)
# File 'lib/bcrypt.rb', line 155
def create(secret, options = { :cost => BCrypt::Engine::DEFAULT_COST })
  raise ArgumentError if options[:cost] > 31
  Password.new(BCrypt::Engine.hash_secret(secret, BCrypt::Engine.generate_salt(options[:cost]), options[:cost]))
end
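The :cost description and the four readonly attributes above, applied to an audit of stored hashes against a minimum-cost policy. This is an added example, not code from lib/bcrypt.rb, and it runs without the gem. The helper names (parse_bcrypt_hash, work_ratio, audit_hashes), the 4..31 cost range check and the sample rows are assumptions made for illustration.

```ruby
# Added example (not from lib/bcrypt.rb); pure Ruby, no gem required.
# Assumed layout: $<version>$<2-digit cost>$<22-char salt><31-char checksum>
BCRYPT_FORMAT = /\A\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})\z/

ParsedHash = Struct.new(:version, :cost, :salt, :checksum)

# Split a stored hash into the four attributes documented on this page.
# Returns nil for anything that is not a well-formed bcrypt string,
# such as a legacy unsalted digest left in the same column.
def parse_bcrypt_hash(raw)
  raw = raw.to_s
  m = BCRYPT_FORMAT.match(raw)
  return nil unless m
  cost = m[2].to_i
  return nil unless cost.between?(4, 31) # assumed valid range; the page only shows the 31 cap
  # #salt keeps the version and cost prefix, so it is everything but the checksum
  ParsedHash.new(m[1], cost, raw[0...-31], m[4])
end

# Cost is logarithmic: each +1 doubles the work. Returns how many times more
# expensive target_cost is than stored_cost (for stored_cost <= target_cost).
def work_ratio(stored_cost, target_cost)
  2**(target_cost - stored_cost)
end

# Classify each stored hash against a minimum-cost policy.
def audit_hashes(rows, min_cost)
  rows.map do |user, raw|
    parsed = parse_bcrypt_hash(raw)
    if parsed.nil?
      { user: user, status: :not_bcrypt }
    elsif parsed.cost < min_cost
      { user: user, status: :rehash_on_next_login, cost: parsed.cost,
        work_gain: work_ratio(parsed.cost, min_cost) }
    else
      { user: user, status: :ok, cost: parsed.cost }
    end
  end
end

PAGE_HASH = '$2a$10$GtKs1Kbsig8ULHZzO1h2TetZfhO4Fmlxphp8bVKnUlZCBYYClPohG' # from the page
SAMPLE_ROWS = {                                  # constructed rows for illustration
  "alice" => PAGE_HASH,
  "bob"   => PAGE_HASH.sub('$10$', '$04$'),      # same shape, cost field edited
  "carol" => "0123456789abcdef0123456789abcdef"  # not a bcrypt string
}

audit_hashes(SAMPLE_ROWS, 12).each { |row| puts row.inspect }
```

A row flagged rehash_on_next_login can only be upgraded when that user next authenticates, because the plaintext is needed to call Password.create with the higher :cost.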
Instance Method Details
#==(secret) ⇒ Object Also known as: is_password?
Compares a potential secret against the hash. Returns true if the secret is the original secret, false otherwise.
# File 'lib/bcrypt.rb', line 172
def ==(secret)
  super(BCrypt::Engine.hash_secret(secret, @salt))
end