jerry

Reputation: 917

How to compare 2 passwords in BCrypt in Ruby?

I'm using the gem "bcrypt". It's a Rack app. Once I've created a password hash and stored it in my db,

    require 'bcrypt'

    # register a user
    plain_pass = get_input_from_user            # e.g. params["pass"] in a Rack handler
    pass_hash = BCrypt::Password.create(plain_pass)   # salted bcrypt hash (a String subclass)

    # store in db (pass_hash.to_s is the 60-char "$2a$10$..." string)
    # ......

how can I then compare to the plain that comes from a user?

    email = get_user_email                      # e.g. params["email"]
    usr = User.first(email: email)

    plain_pass = params["pass"]
    pass_hash = ?????
    if usr.pass_hash == pass_hash
      # ok, all good
    end

The issue is that Password.create creates a new password each time, even with the same input:

irb(main):038:0> BCrypt::Password.create("aaa")
=> "$2a$10$CCWMcREb5mP2ldFshb4qiua.VK2ABHXCtDSzj2WwYf/KsZQjoDGoO"

irb(main):039:0> BCrypt::Password.create("aaa")
=> "$2a$10$w9rAu9FmLZ/jQ7IQmXutW.nh272ucS0PsIrMYUMBrDQpt4U70wOqa"

Upvotes: 3

Views: 1122

Answers (1)

Aaron Breckenridge

Reputation: 1819

Make sure you're using ==. Your example shows assignment (=).

BCrypt::Password overrides the == method, which is how you should compare passwords:

require 'bcrypt'

crypted_password = BCrypt::Password.create("foobarbaz")
# save crypted_password to db (as a plain String, e.g. crypted_password.to_s)

# Presumably later on when your user returns
BCrypt::Password.new(crypted_password) == "foobarbaz" # => true

Upvotes: 4
