Luckily, almost all the mainstream password encryption solutions for Ruby at this point (i.e. ruby-bcrypt) do proper salting by default. Just one of the many glorious security features we take for granted because our tooling does the right thing for us!
As long as you're using something up-to-date and popular, you're probably okay. Still worth checking, though - take a look at your user table in the DB. Your password fields hopefully look something like this: "$2a$10$longstringoflettersandnumbers". The first bit acts like a header specifying the hash function and the length of the salt, then part of the long string after it is the salt, and the rest is the hashed password. If the field starts with "ab" instead, you're using a horrible database inherited from PHP and I feel sorry for you.

On Mon, Feb 24, 2014, at 11:43 AM, Chris McCann wrote:

> This is a nice primer on what it means to salt a password and why and how you should do so. Any developer building a Rails app that includes user logins should read this and put it into practice: https://crackstation.net/hashing-security.htm?=rd
>
> Cheers,
> Chris

--
SD Ruby mailing list
[email protected]
http://groups.google.com/group/sdruby
---
You received this message because you are subscribed to the Google Groups "SD Ruby" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
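The "look at your user table" check from the reply above, as an added example that is not part of the thread: a small pure-Ruby audit that splits a stored field into the bcrypt header, cost, salt and digest, and flags bare hex fields (the unsalted MD5/SHA-1 style the reply warns about). The sample rows, the column name `password_digest` and the cost threshold of 10 are assumptions for the example.

```ruby
# Modular-crypt-format bcrypt string: $2a$10$ + 22-char salt + 31-char digest,
# both in bcrypt's ./A-Za-z0-9 alphabet. The two digits after the version are
# the cost factor (log2 of the work), not a salt length.
BCRYPT_RE = /\A\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})\z/

# Split one stored field into its parts; nil when it is not bcrypt-shaped.
def parse_bcrypt(field)
  m = BCRYPT_RE.match(field.to_s)
  return nil unless m
  { version: m[1], cost: m[2].to_i, salt: m[3], digest: m[4] }
end

# Classify a field the way a reviewer eyeballing the users table would.
# MIN_COST is an assumed threshold; bcrypt gems default to 10 or higher.
MIN_COST = 10
def classify_password_field(field)
  field = field.to_s
  if (parsed = parse_bcrypt(field))
    parsed[:cost] < MIN_COST ? :bcrypt_low_cost : :bcrypt
  elsif field =~ /\A[0-9a-f]{32}\z/i
    :unsalted_md5_hex   # 32 hex chars: classic md5(password) with no salt
  elsif field =~ /\A[0-9a-f]{40}\z/i
    :unsalted_sha1_hex  # 40 hex chars: sha1(password) with no salt
  else
    :unknown
  end
end

# Map each row to its classification so the bad ones stand out.
def audit_rows(rows)
  rows.map { |r| [r[:email], classify_password_field(r[:password_digest])] }.to_h
end

# Constructed sample rows (not real hashes): a good bcrypt field, a low-cost
# bcrypt field, a bare MD5-style hex field starting with "ab", and junk.
SAMPLE_ROWS = [
  { email: "alice@example.test", password_digest: "$2a$10$" + "a" * 22 + "b" * 31 },
  { email: "bob@example.test",   password_digest: "$2a$04$" + "c" * 22 + "d" * 31 },
  { email: "carol@example.test", password_digest: "ab" + "cd" * 15 },
  { email: "dave@example.test",  password_digest: "plaintext?" }
]

if __FILE__ == $PROGRAM_NAME
  audit_rows(SAMPLE_ROWS).each { |email, verdict| puts "#{email}: #{verdict}" }
end
```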
