6b46c62d2e
File too long (should be no more than 24 lines). Line too long (should be no more than 80 characters). Trailing empty lines. Trailing white-space. Trucated the long files as best as possible while preserving the most info contained in them.
24 lines
948 B
Text
24 lines
948 B
Text
bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD
|
|
project for hashing passwords. bcrypt-ruby provides a simple, humane wrapper for
|
|
safely handling passwords.
|
|
|
|
= bcrypt-ruby
|
|
|
|
An easy way to keep your users' passwords secure.
|
|
|
|
* http://bcrypt-ruby.rubyforge.org/
|
|
* http://github.com/codahale/bcrypt-ruby/tree/master
|
|
|
|
== Why you should use bcrypt
|
|
|
|
If you store user passwords in the clear, then an attacker who steals a copy of
|
|
your database has a giant list of emails and passwords. Some of your users will
|
|
only have one password - for their email account, for their banking account, for
|
|
your application. A simple hack could escalate into massive identity theft.
|
|
|
|
It's your responsibility as a web developer to make your web application secure
|
|
- blaming your users for not being security experts is not a professional
|
|
response to risk.
|
|
|
|
bcrypt allows you to easily harden your application against these
|
|
kinds of attacks.
|