Hash passwords with BCrypt instead of SHA1

BCrypt is regarded as a more secure alternative to hashing using message
digest algorithms, such as the MD5 and SHA families [0, 1, 2]. Apart from
built-in salting, it is adaptable to the increasing power of modern
processing units, which makes it more secure against brute-force cracking.

This commit makes all passwords hashed using BCrypt. The session tokens
are still generated using SHA1. Tests were updated; `rake test:units` and
`rake test:functionals` didn't report any regressions.

[0] http://bcrypt.sourceforge.net/
[1] http://en.wikipedia.org/w/index.php?title=Bcrypt&oldid=439692871
[2] eab1c72/README.md
Jan Stępień 2011-07-23 10:52:38 +02:00
parent 0b88c72570
commit 95f0f71441
7 changed files with 24 additions and 17 deletions

@ -16,7 +16,7 @@ gem "actionwebservice", :git => "git://github.com/dejan/actionwebservice.git"
gem "rubycas-client"
gem "ruby-openid", :require => "openid"
gem "sqlite3"
gem 'bcrypt-ruby', '~> 2.1.4'
gem "webrat", ">=0.7.0", :groups => [:cucumber, :test]
gem "database_cleaner", ">=0.5.0", :groups => [:cucumber, :selenium]
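Review bot: the new dependency line in this Gemfile hunk uses single quotes (`gem 'bcrypt-ruby', '~> 2.1.4'`) while every neighbouring `gem` line in the hunk uses double quotes; for consistency write it as `gem "bcrypt-ruby", "~> 2.1.4"`. The pessimistic constraint itself is fine, since `~> 2.1.4` keeps the app on the 2.1.x series that the rest of the change was tested against.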