BCrypt is regarded as a more secure alternative to hashing using message
digest algorithms, such as MD5 and SHA families [0, 1, 2]. Apart from
built-in salting, it is adaptable to the increasing power of modern
processing units, which makes it more secure against brute-force cracking.
This commit makes all passwords hashed using BCrypt. The session tokens
remain generated using SHA1. Tests were updated, `rake test:units` and
`rake test:functionals` didn't report any regressions.
[0] http://bcrypt.sourceforge.net/
[1] http://en.wikipedia.org/w/index.php?title=Bcrypt&oldid=439692871
[2] eab1c72/README.md
- Some fixtures added by Erik Ordway broke tests
- message:// links had an edge case I broke with 68701ada
- One test had a hard-coded id that changed
Closes #1019
Made corresponding change in view.
Added User.per_page method to provide number of users per page to User.paginate button. I can remove it and just pass the param to the method in the controller if that is more desirable.
Added 2 controller tests for pagination. No view tests have been added.