What is the salt used for in the Sorcery gem?


How exactly does Sorcery authenticate a user? What is the salt, and how do I change Sorcery's default column names?

create_table "users", force: :cascade do |t|
  t.string   "email", null: false
  t.string   "crypted_password"
  t.string   "salt"
  t.datetime "created_at"
  t.datetime "updated_at"
end
blackrat

In standard cryptography, a 'salt' is used to ensure that password hashes are more secure. In Sorcery it does this by joining a random string to the end of the password and remembering that string in the salt field.

So when encrypting a new password, the pseudocode is:

hashing_algorithm('passed in password' + salt) => crypted_password

and when authenticating, the comparison is (Sorcery actually overrides 'matches?'):

crypted_password == hashing_algorithm('passed in password' + salt)

That way, even if the same password is used by multiple users, it's not obvious from the data as a different hash will be generated every time.
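The scheme the answer describes, written out as a runnable Ruby example. This is added illustration code, not code from the original post or from the Sorcery gem: `hashing_algorithm` is stood in by a plain SHA-256 digest so the salt-and-compare mechanism is easy to follow (a production system would use a slow, purpose-built password hash such as bcrypt, scrypt or Argon2), and the `encrypt`/`matches?` names and the returned hash keys mirror the `crypted_password` and `salt` columns from the question rather than any real Sorcery API.

```ruby
# Added example (not from the original post or the Sorcery gem): a minimal
# salted password store that follows the pseudocode in the answer above.
require "digest"
require "securerandom"

module SaltedPassword
  SALT_BYTES = 16

  # Stand-in for the answer's generic `hashing_algorithm`.
  # Assumption: a plain SHA-256 digest, chosen only so the mechanism is
  # visible; a real application would use bcrypt, scrypt or Argon2 here.
  def self.hashing_algorithm(input)
    Digest::SHA256.hexdigest(input)
  end

  # "joining a random string to the end of the password and remembering that
  # string in the salt field": returns the two values that would be written
  # to the crypted_password and salt columns. A fresh random salt is drawn
  # unless one is supplied (useful for deterministic tests).
  def self.encrypt(password, salt = SecureRandom.hex(SALT_BYTES))
    { crypted_password: hashing_algorithm(password + salt), salt: salt }
  end

  # The authentication step (what Sorcery's `matches?` does): recompute the
  # hash with the *stored* salt and compare against the stored hash.
  def self.matches?(stored, password)
    candidate = hashing_algorithm(password + stored[:salt])
    secure_compare(candidate, stored[:crypted_password])
  end

  # Constant-time string comparison, so the time taken does not reveal how
  # many leading characters of the candidate hash were correct.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Demonstrates the point made in the answer: two users with the same
# password end up with different stored hashes because their salts differ.
def same_password_different_hashes?(password = "correct horse battery staple")
  alice = SaltedPassword.encrypt(password)
  bob   = SaltedPassword.encrypt(password)
  alice[:crypted_password] != bob[:crypted_password] &&
    SaltedPassword.matches?(alice, password) &&
    SaltedPassword.matches?(bob, password) &&
    !SaltedPassword.matches?(alice, "wrong password")
end

if __FILE__ == $PROGRAM_NAME
  puts "salting works as described: #{same_password_different_hashes?}"
end
```

Because the salt is stored in clear beside the hash, it adds no secrecy on its own; its job is to make each stored hash unique, so precomputed tables and cross-user comparisons stop working. Slowing the attacker down per guess is the job of the hash function itself, which is why the SHA-256 stand-in above should be read as a placeholder for a deliberately expensive password hash.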