Being Extra Safe With Bcrypt in Your Rails Application

Nick Kubo
May 12 · 3 min read

In the words of my software engineering instructor, “Anything that is on the internet is not secure.” Even with a multi-step authentication process in place as a precaution, there are loopholes for everything, and anything can be hacked. Despite our pessimistic outlook on hacking, as web developers we still have to try our best to protect our applications. Just because nothing is secure does not mean we should give up on security. This brings us to hashing.

Hashing takes in an input, applies a hash function, and gives us an output. This process is nonreversible and extremely hard to reverse engineer without knowing the hash function. For our hashing algorithm, we’ll be using a Ruby gem called bcrypt.

Step one for using bcrypt is adding it to your Gemfile and then installing it by running bundle install.

By looking at the official documentation on GitHub, we know the syntax for creating a password is:

my_password = BCrypt::Password.create("my password")

Knowing this, we can change our insecure applications into applications containing secure passwords. First, we need to update our existing schema by replacing the password column with a password_digest column that holds the bcrypt digest of the password.

Lastly, we have to tell our model that it has a secure password. The method has_secure_password is given to us by bcrypt and will be used to run our hash function. Whenever a new user is created with a password passed to it, a new password digest will be created and stored in the database. The password initially passed in will still be a “password” and not a “password_digest”.
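
As an added example (not from the original article or the bcrypt project), here is a check to run after the schema change: it confirms that each stored password_digest value is a well-formed bcrypt digest rather than leftover plaintext, and that its cost factor meets a minimum. The helper names, the MIN_COST floor, and the sample rows are assumptions constructed for illustration.

```ruby
# Layout of a bcrypt digest string:
#   $<version>$<2-digit cost>$<22-char salt><31-char checksum>
BCRYPT_DIGEST =
  %r{\A\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}

MIN_COST = 12 # assumed policy floor; set this to what your own policy requires

# Split a stored value into its bcrypt fields. Returns nil when the value is
# not a bcrypt digest at all (for example a plaintext password left behind).
def parse_bcrypt_digest(value)
  m = BCRYPT_DIGEST.match(value.to_s)
  return nil unless m
  cost = m[2].to_i
  return nil unless (4..31).cover?(cost) # bcrypt only defines costs 4..31
  { version: m[1], cost: cost, salt: m[3], checksum: m[4] }
end

# Classify one stored value as :missing, :not_bcrypt, :weak_cost or :ok.
def audit_digest(value, min_cost: MIN_COST)
  return :missing if value.nil? || value.to_s.empty?
  fields = parse_bcrypt_digest(value)
  return :not_bcrypt if fields.nil?
  fields[:cost] < min_cost ? :weak_cost : :ok
end

# Audit { id => stored value } pairs and group the ids by status.
def audit_rows(rows, min_cost: MIN_COST)
  rows.each_with_object(Hash.new { |h, k| h[k] = [] }) do |(id, digest), report|
    report[audit_digest(digest, min_cost: min_cost)] << id
  end
end

# Constructed sample data: these strings only have the shape of a digest and
# are not the hash of any real password.
SAMPLE_SALT = 'abcdefghijklmnopqrstuv'          # 22 characters
SAMPLE_SUM  = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ01234' # 31 characters
SAMPLE_ROWS = {
  1 => '$2a$12$' + SAMPLE_SALT + SAMPLE_SUM, # well-formed, cost 12
  2 => '$2a$04$' + SAMPLE_SALT + SAMPLE_SUM, # well-formed, cost too low
  3 => 'hunter2',                            # plaintext that was never hashed
  4 => nil                                   # no digest stored
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit_rows(SAMPLE_ROWS).each { |status, ids| puts "#{status}: #{ids.inspect}" }
end
```

In a Rails console the same audit could be fed from the users table, assuming the model is named User, by passing User.pluck(:id, :password_digest).to_h to audit_rows.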

Nerd For Tech

Written by

Nick Kubo

Software Engineering Student at Flatiron School
