blob: 649f7083abae94b9341e8090741c2f8cf4232804 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD
project for hashing passwords. bcrypt-ruby provides a simple, humane wrapper for
safely handling passwords.
= bcrypt-ruby
An easy way to keep your users' passwords secure.
* http://bcrypt-ruby.rubyforge.org/
* http://github.com/codahale/bcrypt-ruby/tree/master
== Why you should use bcrypt
If you store user passwords in the clear, then an attacker who steals a copy of
your database has a giant list of emails and passwords. Some of your users will
only have one password - for their email account, for their banking account, for
your application. A simple hack could escalate into massive identity theft.
It's your responsibility as a web developer to make your web application secure
- blaming your users for not being security experts is not a professional
response to risk.
bcrypt allows you to easily harden your application against these
kinds of attacks.
|
