Question 1

How do I change the cost factor in bcrypt-ruby?

Accepted Answer

Set a global default with BCrypt::Engine.cost = new_value, or override it per password by passing :cost => value in options. For example, BCrypt::Password.create('password', :cost => 10) uses a cost of 10, balancing security and performance.

Question 2

Is bcrypt-ruby secure for handling international characters?

Accepted Answer

Yes, but ensure you're using version >= 2.1.4 on JRuby due to a past vulnerability. If you used an older version with international characters, re-hash those passwords to maintain security.

Question 3

bcrypt vs Argon2: which should I use for password hashing in Ruby?

Accepted Answer

Bcrypt is well-established and default in Rails, while Argon2 is newer with enhanced GPU resistance. Bcrypt-ruby only supports bcrypt, so for Argon2, consider alternatives like the argon2 gem, but bcrypt remains a reliable choice for most use cases.

Question 4

How does bcrypt-ruby integrate with Rails has_secure_password?

Accepted Answer

Rails' has_secure_password uses bcrypt-ruby under the hood. When included in a model, it automatically handles password hashing with bcrypt, simplifying authentication without manual bcrypt-ruby setup.

Question 5

What's the performance impact of using bcrypt-ruby in a high-traffic app?

Accepted Answer

Bcrypt's computational cost can slow authentication, particularly for stateless setups. The README suggests lowering the cost factor for such scenarios, but this reduces security, so weigh trade-offs based on your app's needs.

bcrypt-ruby

What is bcrypt-ruby?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions