mirror of
https://github.com/TracksApp/tracks.git
synced 2026-02-22 07:04:09 +01:00
Hash passwords with BCrypt instead of SHA1
BCrypt is regarded as a more secure alternative to hashing using message
digest algorithms, such as MD5 and SHA families [0, 1, 2]. Apart from
built-in salting it is adaptable to the increasing power of modern
processing units, which makes it more secure against brute-force cracking.
This commit makes all passwords hashed using BCrypt. The session tokens
remain generated using SHA1. Tests were updated, `rake test:units` and
`rake test:functionals` didn't report any regressions.
[0] http://bcrypt.sourceforge.net/
[1] http://en.wikipedia.org/w/index.php?title=Bcrypt&oldid=439692871
[2] eab1c72/README.md
This commit is contained in:
Jan Stępień
parent
0b88c72570
commit
95f0f71441
7 changed files with 24 additions and 17 deletions
4
spec/fixtures/users.yml
vendored
4
spec/fixtures/users.yml
vendored
|
|
@ -1,7 +1,7 @@
|
|||
# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
|
||||
admin_user:
|
||||
login: admin
|
||||
crypted_password: <%= Digest::SHA1.hexdigest("#{Tracks::Config.salt}--abracadabra--") %>
|
||||
crypted_password: <%= BCrypt::Password.create("#{Tracks::Config.salt}--abracadabra--").to_s %>
|
||||
token: <%= Digest::SHA1.hexdigest("adminSat Feb 25 17:14:00 GMT 20060.236961325863376") %>
|
||||
is_admin: true
|
||||
first_name: Admin
|
||||
|
|
@ -10,7 +10,7 @@ admin_user:
|
|||
|
||||
other_user:
|
||||
login: jane
|
||||
crypted_password: <%= Digest::SHA1.hexdigest("#{Tracks::Config.salt}--sesame--") %>
|
||||
crypted_password: <%= BCrypt::Password.create("#{Tracks::Config.salt}--sesame--").to_s %>
|
||||
token: <%= Digest::SHA1.hexdigest("janeSun Feb 19 14:42:45 GMT 20060.408173979260027") %>
|
||||
is_admin: false
|
||||
first_name: Jane
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue