Comments on: Securely store passwords with bcrypt-ruby; now compatible with JRuby and Ruby 1.9 http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/ Fri, 03 Feb 2012 23:02:15 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Ruby on Rails: 9 Articles on Rails Authentication — Teach Me To Code http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-45216 Ruby on Rails: 9 Articles on Rails Authentication — Teach Me To Code Sun, 15 May 2011 03:47:47 +0000 http://blog.phusion.nl/?p=316#comment-45216 [...] 3. Securely store passwords with bcrypt-ruby; now compatible with JRuby and Ruby 1.9 [...] [...] 3. Securely store passwords with bcrypt-ruby; now compatible with JRuby and Ruby 1.9 [...]

]]> By: Ruby on Rails Programmer - http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-43645 Ruby on Rails Programmer - Sat, 30 Apr 2011 11:55:54 +0000 http://blog.phusion.nl/?p=316#comment-43645 [...] Securely store passwords with bcrypt-ruby; now compatible with JRuby and Ruby 1.9 [...] [...] Securely store passwords with bcrypt-ruby; now compatible with JRuby and Ruby 1.9 [...]

]]> By: 23 Impressions http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-39580 23 Impressions Thu, 17 Mar 2011 08:51:46 +0000 http://blog.phusion.nl/?p=316#comment-39580 AUTHLOGIC and restful are far more easier to implement , we should try that . AUTHLOGIC and restful are far more easier to implement , we should try that .

]]> By: Simple suggestions for implementing passwords correctly | Zen and the Art of Programming http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-17570 Simple suggestions for implementing passwords correctly | Zen and the Art of Programming Wed, 24 Mar 2010 07:19:17 +0000 http://blog.phusion.nl/?p=316#comment-17570 [...] trait for hashing algorithms in this context. For this reason, it’s a good idea to use bcrypt, which offers a much slower and harder to brute-force algorithm that enables you to choose how time [...] [...] trait for hashing algorithms in this context. For this reason, it’s a good idea to use bcrypt, which offers a much slower and harder to brute-force algorithm that enables you to choose how time [...]

]]> By: Luca http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-16052 Luca Tue, 09 Feb 2010 14:07:50 +0000 http://blog.phusion.nl/?p=316#comment-16052 An easier way (and most likely safer), would just to be hand off the authentication to someone else. Use OpenID! An easier way (and most likely safer), would just to be hand off the authentication to someone else. Use OpenID!

]]> By: Caffeine Driven Development » Blog Archive » L33t Links #2 http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-9832 Caffeine Driven Development » Blog Archive » L33t Links #2 Thu, 03 Sep 2009 07:22:59 +0000 http://blog.phusion.nl/?p=316#comment-9832 [...] How to securely store passwords (using bcrypt-ruby) [...] [...] How to securely store passwords (using bcrypt-ruby) [...]

]]> By: Ian http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-9807 Ian Wed, 02 Sep 2009 15:58:26 +0000 http://blog.phusion.nl/?p=316#comment-9807 You should think about how the hacker would recreate the hashes not about bruteforcing. As bcrypt is open source and if your hacker had a very large dictionary word or known password list, how hard would it be for him to make a bcrypt version of his list and look for matches? Good salt for sure is always needed no matter what the crypto when you look at this type of attack method. As really the salt is the only strength no matter what algorithm. You should think about how the hacker would recreate the hashes not about bruteforcing. As bcrypt is open source and if your hacker had a very large dictionary word or known password list, how hard would it be for him to make a bcrypt version of his list and look for matches?

Good salt for sure is always needed no matter what the crypto when you look at this type of attack method. As really the salt is the only strength no matter what algorithm.

]]> By: Ruby on Rails: 9 Articles on Rails Authentication http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-9502 Ruby on Rails: 9 Articles on Rails Authentication Thu, 27 Aug 2009 04:39:43 +0000 http://blog.phusion.nl/?p=316#comment-9502 [...] 3. Securely store passwords with bcrypt-ruby; now compatible with JRuby and Ruby 1.9 [...] [...] 3. Securely store passwords with bcrypt-ruby; now compatible with JRuby and Ruby 1.9 [...]

]]> By: Josh http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-9241 Josh Wed, 19 Aug 2009 17:25:54 +0000 http://blog.phusion.nl/?p=316#comment-9241 I would simply like to say thanks. Phusion has done so much to help the Ruby community and we are all very grateful. I would simply like to say thanks. Phusion has done so much to help the Ruby community and we are all very grateful.

]]> By: Double Shot #519 « A Fresh Cup http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-9178 Double Shot #519 « A Fresh Cup Mon, 17 Aug 2009 10:14:04 +0000 http://blog.phusion.nl/?p=316#comment-9178 [...] Securely store passwords with bcrypt-ruby; now compatible with JRuby and Ruby 1.9 – Thanks to Phusion. [...] [...] Securely store passwords with bcrypt-ruby; now compatible with JRuby and Ruby 1.9 – Thanks to Phusion. [...]

]]>