GitHub User: namelessjon
As an additional note, by using BCrypt::Password you also store the cost of the BCrypt hash in the string. This allows you to easily upgrade the cost as computing power advances. New users will get the newer cost, old users will keep the older cost (until they update their password). You could also give admins a higher cost hash, whilst keeping the same authenticate function.
I would recommend using the interface bcrypt-ruby provides, instead of storing salts on your own. It stores the whole password + hash and host in a 60 character string. See the gist for rewritten encrypt and authenticate functions.
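The point the comment makes is that the cost factor travels inside the 60-character string `BCrypt::Password` produces, so a login path can read it back and quietly re-hash stale entries. The following is an added example (not the commenter's gist and not bcrypt-ruby's own code): it parses that string format, decides whether a stored hash is below the cost we now want, and upgrades it as a side effect of a successful login. The `create`/`verify` callables, the `LoginUpgrader` class and the sample hash string are assumptions constructed for the example; the stand-alone demo at the bottom uses the real gem only when it is installed.

```ruby
# Added example, not the commenter's gist and not bcrypt-ruby's own code.
# Layout of a bcrypt modular-crypt string, e.g. "$2a$12$<22-char salt><31-char digest>":
# version, two-digit cost (log2 of the work factor), salt, digest. bcrypt-ruby
# stores exactly this string, which is why the cost can be recovered later.
BCRYPT_RE = /\A\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})\z/

BcryptFields = Struct.new(:version, :cost, :salt, :digest)

# Split a stored bcrypt string into its fields; raises on anything else so a
# malformed or truncated column is noticed rather than silently accepted.
def parse_bcrypt(stored)
  m = BCRYPT_RE.match(stored.to_s)
  raise ArgumentError, "not a bcrypt string: #{stored.inspect}" unless m
  BcryptFields.new(m[1], m[2].to_i, m[3], m[4])
end

# True when the stored hash was made with a lower cost than the one we now want.
def needs_rehash?(stored, target_cost)
  parse_bcrypt(stored).cost < target_cost
end

# Login flow that upgrades the cost as a side effect of a successful login.
# `create` and `verify` are injected (assumed interface) so the flow can be
# exercised without the gem; with bcrypt-ruby they would be:
#   create: ->(pw, cost) { BCrypt::Password.create(pw, cost: cost).to_s }
#   verify: ->(stored, pw) { BCrypt::Password.new(stored) == pw }
class LoginUpgrader
  def initialize(target_cost:, create:, verify:)
    @target_cost = target_cost
    @create = create
    @verify = verify
  end

  # Returns [authenticated, replacement]; replacement is a new stored string
  # the caller should persist, or nil when the existing hash is still current.
  # The upgrade happens only after verification succeeds, because the
  # plaintext password is needed to compute the new hash.
  def authenticate(stored, password)
    return [false, nil] unless @verify.call(stored, password)
    return [true, nil] unless needs_rehash?(stored, @target_cost)
    [true, @create.call(password, @target_cost)]
  end
end

# Stand-alone demo with the real gem when it is installed.
if __FILE__ == $PROGRAM_NAME
  begin
    require 'bcrypt'
    upgrader = LoginUpgrader.new(
      target_cost: 12,
      create: ->(pw, cost) { BCrypt::Password.create(pw, cost: cost).to_s },
      verify: ->(stored, pw) { BCrypt::Password.new(stored) == pw }
    )
    legacy = BCrypt::Password.create("correct horse", cost: 4).to_s # cheap, old-style hash
    puts "stored cost: #{parse_bcrypt(legacy).cost}"
    ok, replacement = upgrader.authenticate(legacy, "correct horse")
    puts "login ok: #{ok}, upgraded cost: #{replacement && parse_bcrypt(replacement).cost}"
  rescue LoadError
    warn "bcrypt gem not installed; run `gem install bcrypt` to see the demo"
  end
end
```

Because `verify` reads the cost out of the stored string itself, the same authenticate path works for every user regardless of when or at what cost their hash was created; that is also what lets a deployment hand admins a higher `target_cost` without a second authenticate function. Persist the replacement inside the same transaction as the login so a crash between verify and update never leaves a half-upgraded row.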