Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Geoloqi's Password Encryption Code
# Due to recent concerns regarding password safety, Geoloqi has decided to publicly release the code
# that we use to do password hashing. After consulting with the community, this code now uses BCrypt for hashing
# (http://codahale.com/how-to-safely-store-a-password), which is based on blowfish, uses an integrated
# salting mechanism, and makes brute forcing expensive for attackers. It is widely used in the industry for
# production environments.
#
# Improvement suggestions are always welcome. Geoloqi takes security very seriously, and designs our systems to
# be as security-oriented as practically possible. We also believe in security transparency, because it leads to
# better security than obscurity, and is a more honest interaction with our customers.
#
# "The mantra of any good security engineer is: `Security is not a product, but a process.` It's more than
# designing strong cryptography into a system; it's designing the entire system such that all security
# measures, including cryptography, work together."
#
# -- Bruce Schneier, author of "Applied Cryptography".
require 'bcrypt'
module Sequel
module Password
def self.included(base)
base.extend(ClassMethods)
# Generate methods to login, so that we only have the methods on columns that actually exist for the record.
base.instance_eval do
[:username, :email].each do |identifier|
if columns.include? identifier
define_singleton_method "valid_#{identifier}_login?".to_sym do |application, value, plaintext|
valid_login? application, identifier, value, plaintext
end
end
end
end
end
module ClassMethods
def valid_login?(application, column, value, plaintext)
user = self[:application => application, column.to_sym => value]
return false if user.nil?
user.valid_password? plaintext
end
end
def valid_password?(plaintext)
BCrypt::Password.new(values[:password_hash]) == plaintext
end
def password=(plaintext)
@password_length = plaintext.length
values[:password_hash] = BCrypt::Password.create plaintext
end
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment